One Hour of Nintendo Piracy Facts

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

when you think about piracy or anti-piracy measures in games you probably think about pc gaming the nintendo ds or game boy advance or maybe even the dreamcast or playstation but one console that probably doesn't come to mind is the nintendo 64. due to the system using cartridges pirated copies were more expensive to reproduce this meant that pirates in the late 90s and early 2000s instead set their sights on the dreamcast mps-1 as discs were a lot cheaper to reproduce with that said it wasn't as if developers just left their n64 games without any form of copy protection many n64 titles actually have anti-piracy including titles like the legend of zelda ocarina of time and several titles made by rare such as donkey kong 64. so in this video we'll be showing you some of the most noteworthy examples of anti-piracy measures in nintendo 64 games starting with the much-loved platformer collect-a-thon banjo-tooie rare knew that banjo-kazooie was a hit with the nintendo 64 and they wanted to make sure its sequel sold just as well by introducing new anti-piracy measures but we're sure the team didn't expect their efforts to be so effective that tui is often touted as the most copy protected n64 title in the entire system's library in fact the rom for banjo-tooie wasn't entirely cracked until december 2012 over 12 years after its release although tui could be played relatively issue-free on nintendo 64 emulators on pc prior to december 2012 the game wouldn't work properly on flashcards like the everdrive this is partly a result of the emulators being able to emulate boot chips and the like but it's also due to the game having many anti-piracy checks the first test occurs when the game is powered on where it checks for the correct save type banjo2 uses a two kilobyte eeprom but if the save type for the game is incorrect or there simply is no save chip present on the game's cartridge the game acts as if there's no controller plugged in this means no buttons will respond and a no controller message will display on screen the second level of copy protection comes in the form of a cic lockout chip which the game checks for with ntsc copies of the game checking to see if a cic nus6105 chip is present and pal copies looking out for a cicnus7105 chip this check is done by using the challenge response feature found in these chips which banjo-tooie makes heavy use of throughout gameplay with 268 different checks in total the responses from the cic chip are used to decrypt files associated with the game's assets so if any of these checks end up failing the game can't decrypt the data and will be unable to load a required asset into the game this results in all manner of crashes and since this happens hundreds of times throughout the game it's essentially unplayable if you're not familiar with nintendo 64 anti-piracy and who blame you you might be asking yourself what the hell are these cic chips the game uses well it's a fascinating series of chips that many n64 games use for copy protection including several more games in this video so we're going to briefly explain how it works cics are boot chips and ever since the nes and snes nintendo had implemented cics in their systems to curb piracy however it wasn't long before pirates worked out a means of circumventing the anti-piracy measures that utilize these chips and so it became open for the masses to play downloaded roms for the n64 nintendo didn't stray too far from the measures they already knew and continued to utilize cic chips however nintendo knew that these were simple to bypass so a change in implementation was made instead of the n64 including a corresponding cic chip it instead used a pif bus this handled the system's initial boot code for the system as well as handling controller inputs but mostly it handles security on the console it checks that the cartridge contains the correct cic chip thus checking if it's been pirated and that it's a cartridge with the same region as the console with the snes it became simple enough to disable the circuit which the cic in both the cartridges and the system utilized but the n64 now had a chip which handled multiple functions and didn't work in sync with the chip on the cartridge this means that stopping the circuit the chip is running on would just result in games failing to boot entirely this meant that n64 devices which ran backups would often require the use of a legitimate cartridge as well in order to use the cic chip located on the legitimate game in total there were five different cic chips on cartridges per region which meant that you'd need to use a game which utilized the correct chip for the game you wanted to run this was a problem for people wanting to play star fox 64 for example as it was the only game to use the cic nus 6101 chip on the cartridge which meant you'd need a legitimate copy of star fox 64 in order to play a backup copy over time many clever people worked out the deeper inner workings of both the cic and the piff and ultimately came up with a means to get around their methods we mentioned before that banjo-tooie had stringent copy protection but this was typical of rare who would aggressively protect their games from piracy while most companies simply put faith into nintendo's built-in anti-piracy measures rare implemented additional security in most of their games and jet force gemini was one of these titles if the game detected a different variant of the cic chip than what is supposed to be included in the game it would still boot but during the game all weapons would be disabled if the player tried pressing the z button to fire they'll simply hold their weapon out and do nothing meaning that it would be impossible to progress past the first lifeforce door in goldwood additionally if the player is controlling juno they'll no longer be able to run and be forced to move through the world at an incredibly slow walk speed most n64 backup devices used the 6102 and 7102 variants of the cic chip because this was the most common cic in n64 cards but jet force gemini used 6105 and 7105 variants which made the game difficult to pirate successfully this was more strict than rare's earlier anti-piracy measures but the methods used in earlier titles such as dilly kong racing could still leave would-be pirates a little vexed diddy kong racing makes the typical checks for the correct cic chip but interestingly if it finds a chip of a different iteration the game will actually let the player progress to a race with a catch from there they'll be subjected to the pause menu continuously appearing to disrupt gameplay we say this is less strict because technically this does mean that the player could complete the game if they continuously unpaused it but this would probably be excruciating to endure or perhaps a great speed run category to watch on games done quick donkey kong 64 was similarly not quite as harsh at preventing the player from making progress but it wasn't exactly forgiving of pirates if a different cic chip than the one included in the retail cart is being used the game will boot and play completely fine the only problem is the player would have to be willing to leave their system on even when they're not playing as the game will randomly delete save data from the cartridge during gameplay without warning but these examples are fairly simple deleting save data stopping the game from booting or preventing progress what about some whacked out nonsense that makes pirates confused and flustered perfect dark contains a huge number of piracy checks in this data with some being pretty simple and some being pretty bizarre all of the game's anti-piracy measures occur when specific actions are taken in game and if one of the checks fails to determine the title is running unmodified and legitimately they will trigger the first check occurs during the power on phase causing the game to simply never boot another check is made when opening the game's cheat menu which will simply crash the game when opening a door the game will rewrite its code to prevent doors from opening if a simulant picks up an item in multiplayer all guards will suddenly be able to see the player through walls and when a guard uncloaks this disables the ability for the player and other characters from going up and down slopes another fun form of copy protection happens whenever a character throws a grenade which will trigger an infinite number of explosions to spawn around the player and not just that but whenever there is an explosion the game will then make all explosions massive and if a player breaks glass the game's audio frequency is modified to an incredibly high value resulting in all characters sounding like chipmunks rare certainly got creative with this one but nintendo have also gotten a bit wild with their anti-piracy measures themselves one of the biggest titles on the nintendo 64 and the one most likely to be the shining jewel in a would-be pirate's sights is the legend of zelda ocarina of time just like every other game we've mentioned zelda utilizes a check for the correct cic lockout chip and if a chip other than 6105 or 7105 is detected several measures are put in place one alteration is made with how the code manages the fishing minigame this measure makes it so that fish from the pond at lake hylia always let go after being caught for 51 frames about 2 and a half seconds making the fishing minigame impossible this in particular seems like a strange piece of anti-piracy as the fishing segment isn't needed to beat the game and is only needed if you want to 100 complete it that said a different measure will absolutely stop you in your tracks if you're playing a pirated game the bars found in ganon's castle which block the exits during the escape sequence might give you some trouble zelda will normally open these bars for the player but if the wrong chip is detected the bars will simply stay in place zelda however will not but probably the most bizarre change to occur involves the 3d model for adult zelda during cut scenes this can first be seen during the cutscene in which sheik's identity is revealed where chic transforms back into zelda to reveal her with a rather extreme slick back puff hairstyle did you know despite piracy largely being something that harms a game console sales the lack of piracy on the gamecube actually hurt the system's performance in some regions according to an article from ign's southeast asian branch the gamecube's inability to run pirated dvds and game discs was a big reason many gamers in the area turned to the original xbox and playstation 2. piracy has been reported to run rampant in southeast asia and although you might think this harms a console's sales it's actually one of the reasons why nintendo's handhelds like the game boy advance and nintendo ds sold so well in the region it wasn't until nintendo released the wii that they once again saw home console success in southeast asia with a big factor in its high sales being its ease of access for piracy despite the gamecube having far less piracy than nintendo's other systems the big n still published an official anti-piracy training manual that showed consumers how to spot fake gamecube games some of nintendo's tips included looking out for a colored tone to the bottom of discs instead of a silver one poor quality printing on the top of discs distorted looking or low quality game boxes incorrect box sizes missing components and unrealistic price points this guide would actually come in handy for some like certain residents of the united kingdom in staffordshire in the uk on april 5th 2005 an official anti-piracy operation confiscated around 20 000 dvds and cds including games films and music at a car boot sale which is sort of like a giant communal garage sale the estimated value of the counterfeit merch was over 500 000 british pounds which adjusted for inflation is over a million us dollars in today's money while much of the stock was fake game discs for the then newly released doom 3 on xbox there was also software previously unseen by the uk anti-piracy officials fake gamecube mini dvds this was noteworthy as the gamecube was much harder for pirates to crack than microsoft's xbox or playstation 2 and signified a breakthrough it happened with gamecube modding somewhere behind the scenes one of the main hurdles for pirates was the system's use of many dvds which were more difficult to replicate than standard sized optical disks that was until the uk-based company daytel figured out what made the system's disk so hard to crack the gamecube mini's dvds each have their own unique burst cutting area or bca as do most regular cds dvds and blu-rays this bca is read by the system's optical laser lens just like a barcode but not only do the mini dvds have unique bcas they also have six unique marks burned on the discs that are at a very specific and equal distance these marks have to be burned onto the disc with a special laser and can't be replicated using a standard dvd rider the gamecube checks not only the bca but that the six marks are in the right spot and if everything checks out the game starts up if one of these marks is even slightly off however the gamecube won't boot the disc this is of course only the case if the gamecube hasn't already been modded with special hardware to interfere with these checks but daytel figured out a simple way to get their software running on the gamecube by adding a custom bca that tricked the console into thinking the disk had the six marks in the right place after this was discovered daytel published their first action replay mini dvd for the gamecube in 2003. this action replay disc let players input cheat codes into save files on your memory card for home brew software on the other hand daytel seemingly reversed this process rather than having a custom disk save custom data onto a memory card daytel released their own sd media launcher which allowed you to load your own software from the system's memory card slot including gamecube game iso files outside of daytel's sd media launcher tons of other custom memory cards were made to load files from your own sd cards usbs or even devices that aren't intended for data like the usb gecko the usb gecko is a custom memory card that was designed for gamecube development and homebrew games and apps but is more popularly used for loading game cheats and exploits but these aren't the only ways to boot up gamecube iso files in 2003 sega released a port of their dreamcast original online rpg fantasy star online on the gamecube one of the game's key features on the gamecube was its compatibility with nintendo's broadband adapter which allowed the game to connect to the internet to keep itself updated and let gamers play with each other on the game's dedicated servers some hackers figured out that by changing dns and ip address settings they could trick the game to connect to custom programs running on their own pcs using an exploit dubbed pso load the program developed for the exploit disguised itself as an official fantasy star online server that leaves the game always waiting for a connection this would allow hackers to send custom gamecube executable files to their system and run them from fantasy star online this exploit could not only be used to run custom files from the gamecube but allowed the gamecube to send data from itself back to your pc this hack was an efficient way to send your currently loaded gamecube game to your pc is an official backup file while it was a successful way to run homebrew it was quite time consuming as any time you wanted to run homebrew you must first load into fantasy star online like the wii the gamecube also has its own homebrew utility similar to the popular home brew channel in the form of swiss swiss is an all-in-one home brew tool that allows you access to file browsing custom dvd support and offers support for previously mentioned custom memory cards like the usb gecko swiss even lets you force 16x9 widescreen and progressive scan on real hardware the gamecube not only had homebrew for the native console but also homebrew for its add-ons such as the gameboy player gameboy interface is home brew software that allows anyone to play game boy games without the use of nintendo's game boy player startup disc and also lets you play game boy to game boy advance games in various different modes the software standard edition allows you to play game boy games more cleanly on modern displays such as lcd and oled tvs and monitors with hardware like usb gecko the standard edition can also be used as a game boy advanced development kit other versions of the game boy interface are optimized for speed running game boy games as well as a version that's more optimized for video capture devices other features outside of software variants include using the game boy advancer nintendo 64 controller as a controller for the gamecube and even offered rumble support for the gba using official nintendo games and cartridges such as drill dozer warioware twisted and the nintendo ds rumble pack outside of the game boy player additional gamecube ports could also be used as an exploit for homebrew the sd2sp2 chip is a custom pcb board that lets players use their own sd card as a form of memory for the gamecube what makes this unique compared to custom memory cards is that sd2 sp2 takes advantage of the gamecube's serial port too interestingly enough unlike the high speed port and serial port 1 which are used for the game boy player and nintendo's broadband adapter respectively the gamecube's serial port 2 was never used officially by nintendo giving hackers access to both official nintendo accessories as well as their own hardware like sd2sp2 as long as their gamecube has the right homebrew setup the gamecube also has plenty of hardware modifications that aid in homebrew one of the more popular hard mods for the gamecube is a mod chip named xenogc this mod chip is applied to the system's optical drive logic board and injects its own custom patch onto the system this patch would give a lot more freedom to your gamecube by adding features such as region free game loading making your gamecube act as both a pal and ntsc console made dvd-rw content readable which allowed you to play custom gamecube discs and much more one important play in the mod chip's popularity is its easy accessibility to hard modding newcomers and its cheap pricing but like most mods that were designed for hobbyists to play around with it was also abused by pirates despite nintendo's efforts to make gamecube games difficult to reproduce one feat hackers and programmers have found success with is emulating the system's hardware itself the popular gamecube emulator dolphin was officially released on september 22nd 2003 almost exactly two years after the gamecube's official september 14 2001 launch in japan since its release the dolphin emulator has actually surpassed the original gamecube and features many of which are used to modernize the gamecube playing experience such as adding a 16x9 widescreen support forced region change gpu overclocking seamless online play and by far its most popular feature wii emulation since it's open source the dolphin emulator can even be modified to include even more features most recently a group of programmers led by an engineer going by the alias fizzy created a custom version of dolphin named slippy which adds features like online matchmaking to super smash brothers melee while the dolphin emulator is still updated and worked on to this day a specific version of the software was worked on very briefly this emulator was titled the dolphin triforce and the goal of the emulator was to run official triforce games on your own hardware the triforce hardware was an official collaboration between namco sega and nintendo and was used by the trio of companies for their own arcade games such as donkey kong jungle fever f-zero ax and mario kart arcade 1 2. the triforce was made using official gamecube hardware specifically the gamecube's custom graphics chip by ati nicknamed flipper the triforce could be modified by namco or sega at their own will with sega even opting to use the same optical disk format as their dreamcast console dolph and triforce naturally let players emulate these arcade titles and this isn't the only connection the gamecube has to emulation in july 2018 security expert james chambers figured out that you can load custom nes rom images onto your gamecube using nintendo's popular title animal crossing within animal crossing you can obtain a generic nes console item usually nes console comes bundled with one of 19 nes games in animal crossing most of which are locked behind e-reader cards or official giveaways when trying to interact with the generic nes console however the game will bring up the message i want to play my nes but i don't have any software chambers found out what the game was actually trying to do is find nes rom images in your loaded memory card chambers was able to not only load official nes roms but was also able to get custom nes roms he made himself into the game many have theorized why nintendo would include such a feature chambers himself believed nintendo could have used the feature to sell promotional memory cards with the nes roms pre-loaded onto them animal crossing could be used to load much more than just any s-roms though the same exploit used to load nes roms would soon be reverse engineered into loading custom gamecube files known as dole files did you know the nintendo ds can be used to spread malware as demonstrated at defcon a hacking convention in las vegas nevada at the con two men named ki chan ah and dong zhu ha demonstrated a variety of ways the ds could be cracked and infected in order to raise awareness for example malware can be placed in a pirated copy of a game then uploaded online where it can spread to other systems after the code is loaded onto the ds the malicious code can take over the network the ds is connected to and spread the malware to anything from computers and smartphones to smart tvs interestingly malware existed on the nintendo ds as far back as 2005. one example is trojan ds brick a which was often disguised as a rom loader people were often tricked into using it with their ds where the code would immediately erase the ds's firmware and other critical functions the system would become inoperable or bricked and the screen fittingly displayed a brick wall another result of hacking the ds was inevitably piracy according to a report by the computer entertainment software association in 2010 pokemon platinum diamond and pearl were the three most pirated games on the nintendo ds according to the cesa the trio were pirated 5 375 178 times in japan alone costing nintendo an estimated 269 million dollars in lost sales in an effort to combat the ds's rampant piracy nintendo joined forces with 54 other japanese companies including square enix capcom and tecmo together they lobbied the tokyo district court to ban the sale of r4 carts in japan r4 carts were a popular brand of flash cartridges which were able to run rom files directly onto the ds including illegally obtained games while the petition was ultimately successful the ban only affected the r4 brand in particular leaving many competing flash carts to fly under the radar nintendo followed this up with a suit against the magikon flashcart brand which they also won however stores continued to sell magikon and other flash carts regardless nintendo filed yet another lawsuit seeking compensation for damages from flash cart sellers the company also set up a website asking people to report retailers selling flash carts and other piracy related devices and pirated games in south korea the korean custom service cracked down on a ds piracy ring charged with selling over 90 000 pirated games game copiers and a legal contraband worth an estimated 87.2 million dollars in an attempt to evade authorities the ring operated their business out of internet cafes and on websites based in other countries some of the pirates even hired employees to help manage their stores paying them out of bank accounts created with false names nintendo's crusade didn't go over so well in france nintendo suffered a major loss in a lawsuit against davinio group a french flash cart manufacturer the suit went all the way up to france's highest court where the judge ultimately ruled nintendo was in the wrong for trying to deny users the right to use flash cards furthermore the judge pushed nintendo to be more supportive of independent development unsurprisingly nintendo wasn't keen on the idea and took precautions to make the next iteration of the des the nintendo dsi unhackable however hackers announced they'd cracked the system just three days after its launch nintendo attempted to fight back through firmware updates for example while the dsi's 1.41 u update claimed to provide behind the scenes improvements to the system's performance it actually focused on anti-hacking measures the update attempted to lock out a number of the most popular flash cart brands many ds flash carts had updatable firmware of their own though giving flashcard users a way to respond to and circumvent nintendo's attempts to lock them out although nintendo ceased updating the dsi in 2012 hackers have continued to find new methods to crack the handheld for example a popular hacking method using the dsi's flipnote studio app became impractical on new systems when the dsi shop closed in 2017. this effectively meant anyone who didn't already have flipnote studio installed could only hack their dsi by modifying the handheld hardware inside then in late may 2019 hacker shutterbug 2000 found a new method dubbed the memory pit which exploited a vulnerability inside the dsi's camera app since the app came pre-installed on every dsi system this once again opened the doors to dsi hackers everywhere as well as adding anti-hacking measures and firmware to curb piracy many developers including nintendo placed anti-piracy measures in their games some efforts were straightforward such as with kirby mass attack which simply prevented the game from booting or progress from being saved other measures were sneakier like in dragon quest v hand of the heavenly bride if the system detects a pirated rom the game will play out as normal for a while until the player reaches a ship from here the game will be stuck on an endless loop with the ship never reaching its destination a simpler variation of this technique was used with final fantasy crystal chronicles ring of fates if the ds detects the game as a pirated copy the play session will be cut short after 20 minutes and the message thank you for playing will appear on the screen the legend of zelda spirit tracks also attempted to stop players from playing a pirated copy in this game the touchscreen's ui which lets the player control the train's speed and movement will never appear if the game isn't a legit copy this means players will inevitably fail very early on in the game and be unable to progress possibly the most creative anti-piracy measures can be seen in the ds version of michael jackson the experience if the system detects foul play the game won't display vital touchscreen cues and also drowns out the game's music with the sound of vuvuzela's vuvuzela's entered the western mainstream thanks to the 2010 fifa world cup in south africa where south african fans constantly used vuvuzelas this inadvertently drowned out anything else in the stadiums and annoyed many despite nintendo's battle against hacking most hackers aren't pirates at all in fact the ds has a lively home brew scene that enjoys creatively and legally using their ds's in a number of imaginative ways for example steve chapman grew tired of lugging around his heavy cumbersome energy-hungry laptop when using his dslr camera pushing him to look for a smaller alternative chapman wrote after mentally specking out what i would need i realized the solution was right in front of me because i bring it with me for mario kart ds wireless races on long night jobs chapman made his own specialized program and connected the camera's cord through the ds's game boy advanced cartridge slot after some experimentation chapman's ds dslr creation was able to outpace his laptop and performance chatman was even able to use the ds's built-in microphone to have his camera take pictures via audio cues saving him hundreds of dollars on buying an official accessory for the same purpose other hackers have looked to software modding to expand what their dss can do leading to the creation of many homebrew apps for example the homebrew app moonshell ds allows users to turn the handheld into a multimedia player ds twitter and fb4nds allows ds users to post on their twitter and facebook accounts via the handheld and the remote touch app can be used to control your computer via the ds there's hundreds of home brew applications and entire communities have cropped up around their development the ds is made for a popular emulation device too there are custom built ds emulators for everything from the nes and genesis slash mega drive to more niche programs like scum mvm which emulates point-and-click adventure games of course people didn't forget about the games many hackers have used their skills to alter and improve some of their favorite games via rom hacks the legend of zelda spirit track's d-pad controls rom hack allows gamers to play spirit tracks with more traditional button based controls other rom hacks add new characters to super mario 64 ds including waluigi donkey kong and sonic the hedgehog meanwhile castlevania dawn of sorrow definitive edition seeks to completely overhaul the original game with new character portraits a reworked luck system tweaked controls bug fixes and other quality of life improvements some rom hacks change up the base game entirely to create a new one instead such as new super mario brothers 3. this hack is a complete remake of the original super mario bros 3 using the new super mario brothers engine and includes custom content as well on the other hand some hackers have created their own entirely original homebrew games still alive des is directly inspired by valve's portal but reworks the concept into 2d lone wolf ds officially takes joe denver's choose your own adventure game books and recreates them on the ds the game handles all of the dice rolls and stats allowing the player to focus on the story these games and many more are completely free requiring only a flash cart to enjoy hackers have even managed to bring the nintendo ds's wifi capabilities back online after nintendo shut down its servers in 2014. programmer michael lele recalled i'd been following another online service revival for the resident evil outbreak games however because the us versions of those games use a different network that never got analyzed in time before it was shut down they'll probably never be supported i didn't want that to happen to literally every ds and wii game so i went to work recording data from as many games as i could and trying to get others to help after being donated a server to use lily and a group of like-minded hackers joined forces to build a python scripted alternative to nintendo's wi-fi service using the homebrew server compatible games once again function as they originally did with working friends lists matchmaking leaderboards and other online features the homebrew server also periodically sends out heartbeat signals to ensure everyone in the party is still connected the team is since focused on improving the server and expanding its compatibility among the ds's library brenton a member of the team stated the project has since grown to be much more than what i envisioned and i'm grateful to have people who are willing to dedicate their time and skill to helping out in whatever ways they can i'm happy with what has been accomplished which is enough to make me feel like my time and energy has been put to good use did you know the wii was a hotbed for piracy throughout its lifetime in a report the wii was named the most pirated console of 2010 with almost 26 000 available torrents the most pirated wii game in both 2010 and 2011 was super mario galaxy 2 which comfortably cleared a million downloads in both years not all of the wii's unofficial content involved bootlegging though very soon after the console's launch an independent website called wii kade hosted flash based games intended to be played with a wii remote gamer sutra even reported on week 8 on november 20th of 2006 just one day after the wii's launch in north america and before the wii's opera browser was even available wiicade was created to promote smaller developers and helped them program games for the wii's unique hardware additionally the wii was subject to a lot of homebrew software and hacks an important figure in the wii hacking community was ben bushing buyer while ben didn't gain much himself he bought a wii after playing one at his boss's home in 2008. bushing tended to hack everything he owned and the wii was a prime target as it was a new piece of hardware that hadn't been cracked yet bushing was introduced to other wee hackers by a co-worker and they would pass ideas back and forth about cracking the wii meanwhile nintendo would include the latest version of the wii system software on almost every game they released presumably so players without internet access could update their console but this also gave hackers a large amount of code to work with the wii central processing unit was a power pc chip named broadway but hackers were unable to disassemble the wii's software as power pc code further experimentation revealed that it was actually arm code arm which stands for advanced risk machines is an architecture software often used in lighter devices like smartphones due to its low cost and power consumption strangely the wii didn't seem to have an armed chip anywhere the team soon learned that the chip was buried deep within the wii's graphics processing unit named hollywood a hacker called sega nicknamed the chip starlet as a play on the wii's hollywood gpu and broadway cpu as well as controlling most of its peripherals starlet was responsible for the wii's security making it the major obstacle for hackers to defeat but amazingly this technical hurdle was overcome using a simple set of tweezers the hacker tumbink was able to obtain the wii's encryption keys from his console's memory by going through the gamecube architecture running homebrew code in gamecube mode was easy thanks to a better understanding of the gamecube the problem was running the console in gamecube mode locked away all of the wii's features the starlet chip was also responsible for limiting the amount of memory in use while running in gamecube mode essentially the starlet would only let the processor see the lower 25 of the wii's total memory important codes such as the common key that allowed the decryption of most wii content were kept outside of that range so it couldn't be accessed via the gamecube mode by shorting some address lines using a pair of metal tweezers starlet would be tricked into changing which 25 percent of the memory was visible essentially hackers could slide the window of visible data to show different sections of ram the wii's memory was not cleared in gamecube mode merely restricted and so the hackers could use this trick to map out restricted segments including the decryption keys the plundered data was then sent to tumbing's computer via a serial port soldered onto the gamecube controller port the hackers chose the name team tweezers in honour of this their first major breakthrough and the first dent in the wii's armor bushing said the amount of hoops the team had to jump through spoke to the quality of nintendo's security decompiling the code was a long and tedious process with no documentation to guide them the team had to infer the purpose of each line of binary code by examining and comparing the cpu gpu and the disk all at once each discovery made it easier to progress a piece of code responsible for resetting the system in wii sports also helped the team understand the same code in zelda team tweezers were responsible for creating the earliest known way to install homebrew software on a wii without hardware modifications the twilight hack named after the legend of zelda twilight princess the twilight hack exploited the buffer overflow error caused when the console tried to load in an edited twilight princess save file the file was manipulated so that link's horse's name literally contained a small program this program is much longer than the game's character limit so it cannot be entered in the game legitimately however the game doesn't check the character limit while loading a save file so when the game tries to load the horse's name into memory it can load the program memory which just so happens to be the next region that the system will execute the hack runs a boot file from the root of the sd card allowing unofficial content to be loaded on the wii in the wake of this discovery team tweezers homebrew channel saw its first public release with beta 7 on may 24 2008 the channel was intended to let users launch unofficial applications on the way listing them from an sd card or usb mass storage device development of the twilight hack was tricky without access to the proper debugging tools it was difficult to ensure that twilight princess crashed in a consistent way nintendo began to fight back as well on june 16 2008 they released system menu 3.3 which was designed to check for and delete the twilight hack this led to the release of the 0.1 beta 1 version of the hack which managed to circumvent nintendo's fix it took until system menu 4.0 to be released on march 23 2009 for the twilight hack to be truly overcome but despite this the relationship between team tweezers and nintendo wasn't always adversarial on july 17 2008 pushing announced on hackme.com that he'd contacted nintendo to advise them about a potential security issue one that would allow pirated wii games to be played on an unmodified console bushing refused to disclose any details about the bug only notifying nintendo and asking for an engineer to get in touch with him the decision was met with some backlash from the community bushing received multiple emails some demanding to know why he was helping nintendo some asking him to divulge the information and some even posing as a nintendo representative to trick him into disclosing the details about the exploit in response bushin's post was updated to include the addendum i did not post my email address here to invite you to debate this with me suffice it to say that i have put more thought into this than you have and when you find your own exploits you can decide how to handle them team tweezers chose to present this bug to nintendo for three reasons firstly the bug could be presented as a piracy related concern allowing them to contact with official channels secondly the bug wasn't useful for legitimate homebrew and thirdly it was a design flaw and so nintendo were unlikely to be able to patch it anyway team tweezer's attitude towards the bug was reflected of their overall philosophy they were completely disinterested in piracy and they refused to enable any bootlegging through their hacks bushing wasn't worried about legal repercussions as they hadn't broken any laws and mod ships were far more problematic for nintendo bushing expected a response from nintendo only if the homebrew scene actively contributed to piracy unfortunately for team tweezers it wasn't long before the homebrew scene contributed to piracy on may 26 2008 the hacker one in coco released the wii word manager 1.0 a wad is a native wii file for a game or app the wad manager exploited a bug that let the software work as if it had an official signature effectively blowing the doors to piracy wide open it proved to be controversial as a result and team tweezers refused to endorse it despite members bushing and marcan being thanked in the credits for the release in fact the team took efforts to thwart its interactions with their homebrew channel in the 1.0.4 update a feature was added where the homebrew channel would turn itself upside down if it detected the user had modified its contents or installed it using a wad manager one in coco continued to be a controversial figure in the scene in september 2008 he released an iso loader for the homebrew channel allowing isos to run on unmodified hardware making pirated games easier than ever to run ironically bushing had warned nintendo about that exact exploit a few months earlier the iso loader was leaked online before its official release leading to one incoco quitting the project team tweezers were annoyed with one in coco's conduct market accused those of promoting the iso loader of using tweezers work to promote piracy he described one incoco's apps as thin rappers around existing code or tools written by others in a post titled thanks one in cocoa bushing credited the release of the first pirated virtual console release to one in coco's release of his nand fs dumper which exploited the wii's permission system letting it read titles on the console team tweezers foresaw their homebrew efforts being used for piracy which was one of the main reasons they never stopped releasing tools and code for the community bushing believed that team tweezers not releasing any more information delayed the spread of the piracy by around four months he made an appeal to hacker's morality saying developers need to eat too and offered practical reasons for not pirating games on the wii he suggested that piracy would speed nintendo's response to exploits and loopholes and ultimately hinder the homebrew scene as a whole nintendo had already proven themselves to be strewed strategists in february 2008 dettel released their freeloader import disk in pal territories which let users bypass the system's region locking to play games from all around the world in response nintendo updated the wii with iso 37 to block its use but never bothered to activate the code bushing speculated that this was designed to stall the tell at this point the pal disks had already been pressed but the imminent threat of iso 37 stall dattel from releasing an ntsc freeloader until the patch had been implemented but the imminent threat of iso 37 would stall detail from releasing an ntsc freeloader until the patch had been implemented and they could find workarounds bushing estimated that if nintendo were to plug the hole that when incarco exploited with the nand fs dumper it would take months for him to find a way to downgrade the wii's ios the scene's differing philosophies created a rift in the wii hacking community team tweezer were insular with holding info and sharing bugs with nintendo to help steer the scene clear of piracy however the detractors saw this as a needlessly elitist attitude expecting nintendo to group them all together anyway the increasing popularity of wad managers and editors increased scrutiny on the homebrew scene due to its flourishing association with piracy complaints also came in from users that edited their we files without proper expertise one common cause of grief was known as banner brick where a user would attempt to install or change an incorrectly sized banner this would result in the wii immediately crashing once it was past the health and safety screen as though the system files were corrupted solutions to the problem were dependent on the user's console revision and whether or not they had homebrew applications such as boot me installed before the brick in a worst case scenario a user may have to send the console to nintendo to be fixed the ease of wii hacking led to the creation of many community mods and homebrew games the most famous of which is undoubtedly project m project m was a mod for super smash brothers brawl that tried to bring it more in line with melee's gameplay the project m development team made it clear that they didn't support piracy or permanent alterations to nintendo's systems the mod could be installed using a legitimate copy of the game and a 2 gigabyte sd card the project started in 2010 with a relatively humble goal of replicating falco's melee moveset in brawl but eventually expanded to include brawl's entire roster as well as some additional characters like roy and mewtwo the developers were careful to avoid introducing characters that might jeopardize their already tenuous standing with nintendo these included third-party characters that may have made nintendo fearful of legal action and newcomers to super smash brothers for wii u and 3ds that may have led nintendo to viewing them as competition despite their best efforts nintendo banned the phrase project m on their miiverse messaging service and put pressure on twitch and fighting tournaments to limit project m's exposure project m was extremely popular enjoying 3 million downloads over its lifetime and was even featured in major tournaments however it was suddenly discontinued in december 2015. did you know the switch's hacking scene has often been compared to a cat and mouse game between hackers attempting to crack the switch and nintendo's efforts to stamp them out for instance the switch's 7.0.0 update used a scrambled batch of code in an attempt to slow hackers down this ultimately bought nintendo a mere four hours before hacker elmirak cracked the update nintendo has not responded to hackers lightly outright banning the switches of identified hackers from accessing online services reports have surfaced that nintendo even banned unhacked switch consoles that merely connected to hacked switch consoles a bug found in the switch's nvidia tegra x1 allowed hackers to access the switch's boot rom to install a range of programs on the switch hacking group fail overflow explained this bug is in the recovery mode which is a usb based rescue mode intended for initial flashing of tegra devices and recovery of bricked devices the recovery mode only allows signed images to be loaded but thanks to the bug arbitrary code execution is possible by overflowing the recovery mode with data from another computer hackers were able to circumvent nintendo's security methods this led to some pretty interesting programs running off the switch for instance some hackers transformed the switch into a handheld linux machine capable of running the dolphin gamecube and wii emulator as the bug was on a hardware level in the boot rom it cannot be patched by nintendo through software updates however hackers noticed that nintendo quietly released a hardware revision of the switch around july of 2018. this new model had a new boot rom specifically to thwart the exploit nevertheless the millions of original model 1 nintendo switches released before the hardware revision remain permanently hackable to this day despite nintendo's known zero tolerance approach to hacking one hacker spoke up kate tempkin creator of a switch cold boot software launcher fusey gelly personally disclosed the details of her exploit to both nintendo and nvidia temkin wrote i can tell you it wasn't fun to find a bug with such a broad impact it significantly complicated the ethics involved given the potential for a lot of bad to be done by any parties who independently discover these vulnerabilities i thought it best to disclose this immediately the hacking group fail overflow also revealed the information around its hack and distanced themselves from pirates saying the bug will be made public sooner or later so we might as well release now along with our linux boot chain and kernel tree to make it very clear that we do this for fun and homebrew and nothing else an example of for fun hacking is german android developer max keller's experiments installing android onto the switch there's also bee bird a homebrew application that allows users to overclock their switch's gpu to potentially achieve better in-game performance indie game developer amir rajan attempted to join in on the fun by secretly including a ruby code editor and interpreter in his eshop game a dark room as an easter egg by connecting a usb keyboard and pressing the tild key while running the game players could effectively turn their switch into a ruby programming machine after the game's release rajan posted how to access the secret online this surprise was not well received by nintendo who promptly removed the game from the eshop altogether a darkroom's publisher circle entertainment was left scrambling to deal with the fallout rajan told eurogamer i deeply regret how this has blown up a simple toy sandboxed environment has been framed as this massive exploit it was a last second spark of inspiration and i snuck it in assuming that plugging in a usb keyboard and pressing the tilt key wasn't part of the test plan i don't know what to say except i'm sorry and all i wanted to do was allow kids to discover what i discovered 25 years ago to be fair to nintendo seemingly innocent switch hacks have been abused in the past for example hackers managed to break into the switch's dev menu an application used by developers for creating content for the system a hacker going by raci yukaku discovered a means of successfully uploading custom profile avatars onto the switch that could be seen by other players unfortunately a select number of individuals used the exploit to upload especially lewd images as their profile pictures reports of gamers running into their balloons in super mario odyssey's luigi's balloon world mode surfaced soon after ray sukaku lamented i don't condone that behavior and this is why we can't have nice things the story made waves through the gaming press prompting a nintendo spokesperson to officially comment on the matter the spokesperson said a very small number of consumers have been using modified nintendo switch systems to display inappropriate or unauthorized material in certain online games nintendo always strives to provide a positive experience for all consumers and this includes continuously monitoring all threats to its product security and taking swift and strong action to prevent them modified nintendo switch systems have been banned trolls are far from nintendo's biggest concern as there's a darker side to the switch hacking scene piracy pirates have managed to leak numerous switch games such as diablo 3 dark souls remastered and super mario party before they even hit store shelves while many games are leaked a few days before their official release this isn't always the case pirates managed to get hold of super smash brothers ultimate almost two entire weeks before the game's launch posting pre-release games online isn't a simple process with middlemen operating between pirates and leakers these middlemen safely hand over dumped games from leakers to the pirates who make sure the middleman's identity is not revealed there can be others involved as well such as those who reverse engineer nintendo's tools and programs to break them open for hacking there's also coders who create and improve pirating software among others some people have managed to download games early directly from nintendo by using software to gain access to the company's servers upon obtaining the game keys which are typically used by reviewers to unlock digital review copies the games are opened up for anyone to play even then playing a pirated game isn't as simple as downloading a file instead pirates must access the switch's recovery mode download and install a boot menu to launch homebrew software and then use another custom program to actually play the pirated game though hacking on the switch has been a long collective effort not all hackers play nice for example one particularly devious pirate uploaded a version of d-author to 4chan d-author is a piece of piracy software typically used to generate authentication tokens to connect a computer to nintendo servers however this version of the program had been maliciously altered to steal each user's switch certificate an important code unique to every switch console that allows the system to connect to nintendo's servers it would then upload the certificates to the pirate's own server simon the author's original creator suspects the malware was created in a huge pirating scheme he told motherboard whoever did this required lots and lots of certificates as they knew they'll get caught out pinpointed by nintendo and banned quickly in retaliation simon created a spamming program built to upload random nonsense onto the pirate server in hopes of overloading it another user went as far as to dox the pirate incidents like these aren't uncommon on the switch's pirating scene either a group of pirates under the banner team executor have attempted to profit from switch piracy by selling their own pirating software executors sxos is a custom firmware that claims to make pirating easy allowing users to play games on the switch directly from a microsd card despite being pirating software sx os comes with some particularly nasty anti-piracy measures the program contains a brick code that will completely lock up the switch's emmc internal memory basically rendering the console useless if it detects the user is trying to crack the program sx os brick code along with accusations that executor has stolen work from other hackers to create their firmware has earned the team a number of enemies among the hacking community kate tempkin stated i completely detest what i've seen of their practices and methods not just do they publicly endorse piracy and seek to profit from keeping information to a few people but they're also willing to drop a zero day that affects a broad swathe of devices on the public without any responsible disclosure all in all i think the team executor seems to be without morals or scruples and i am happy to do as much as i can to reduce their profitability and thus de-incentivize these kinds of awful behavior nintendo for its part has gone a step further than just wielding its ban hammer they devised a means to ban the pirated games too each switch game card has its own unique certificate built in from the factory just like the consoles themselves digital eshop games are coded to specific consoles and nintendo accounts upon purchase by tracing these certificates nintendo can easily determine whether a game card is an original legitimate copy and if a user's account legally owns the digital games they play for example if someone grabs a pirated switch game that has been dumped online nintendo can recognize the duplicated certificate and ban not only the pirated copy but the original game card as well as every subsequent pirate copy of the game as soon as it goes online while pirates can attempt to avoid being banned by strictly playing illegally obtained games offline as technical writer kyle orland hypothesizes the switch's system firmware could also theoretically detect pirated games being played offline then bury a flag in the hardware to activate a network band the next time the player logs online this method has raised some concerns as those who purchase pre-owned switch games could unwittingly buy a legitimate game card that has been permanently banned regardless nintendo hasn't stopped there and has even started taking pirates to court in december 2018 nintendo of america filed a lawsuit against california resident mikhail uskadulnak who sold and installed team executor's piracy products onto switches as well as other pirated content through offer up nintendo alleges that mikel illegally hacked 100 switch consoles and expects a hundred and fifty thousand dollars for each copyright infringed furthermore nintendo hopes to sue anyone else involved with mikelle's pirating operation such as those connected to team executor the team stated we believe even in the usa our product should be absolutely legal but ultimately it will be on this court to decide we hope it will be with absolute fairness and not under the pressure of another big corporation did you know that doom 2016 was in development for so long that one of its developers had four children between the game's conception and its release or that black and white 2 will whisper the player's name when somebody dies for more pc facts check out the video on screen i love my pc i just got myself a new one uh finally upgraded to the modern age of rtx architecture it's pretty cool man though i haven't actually played many games on it yet because i've been too busy talking about them instead

Info

Channel: DYKG Clips

Views: 1,780,782

Rating: undefined out of 5

Keywords: nintendo piracy, nintendo, nintendo 64, n64, nintendo gamecube, gamecube, nintendo wii, wii, nintendo switch, switch, n64 piracy, gamecube piracy, nintendo ds, ds, nds, ds piracy, wii piracy, switch piracy

Id: SvL93pNRbfY

Channel Id: undefined

Length: 56min 5sec (3365 seconds)

Published: Thu Mar 31 2022