
Unravelling Konami's Arcade DRM - sohkamyung
http://mon.im/2017/12/konami-arcade-drm.html
======
tptacek
_After 15 minutes spent trying to decipher this, I simply translated the code
into Python and iterated infinitely. Turns out, this is how you perform
big-endian addition without actually converting the number to little-endian. An
odd way of doing it, but perhaps a compiler optimisation. It turns out they’re
actually using AES_CTR, but instead of incrementing the entire counter IV,
they’re only using the last 4 bytes. A little strange, but if your encrypted
file is 2^32 * 16 bytes long, you have other problems to worry about._

Not all that strange. The "counter block" is normally split into a nonce,
which allows you to reuse the same key on multiple messages without generating
a duplicate keystream, and a counter; an AES block is 16 bytes wide, so a 64
bit counter is more typical, but I've seen 32.

Doing that can even make sense, if you have bounded message sizes (<64 gigs)
--- the larger the space you allocate for the nonce, the safer it is to
generate nonces randomly, rather than using a system to remember all previous
nonces to avoid collisions.
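
The nonce/counter split tptacek describes, shown as an added example (not code from the article or from Konami's software): a 16-byte counter block made of a 12-byte nonce followed by a 4-byte big-endian counter, with the increment done byte-wise with carry over only the last 4 bytes, as the article says the game code does. The key, nonce and message are constructed demo values. It uses AES from the `cryptography` package when that is installed and otherwise a keyed SHA-256 stand-in for the block function, which is an assumption made so the CTR structure itself runs without third-party libraries; it is not AES.

```python
import hashlib

BLOCK = 16          # AES block size in bytes
COUNTER_BYTES = 4   # only the last 4 bytes of the counter block are incremented
NONCE_BYTES = BLOCK - COUNTER_BYTES

# With a 32-bit counter a single (key, nonce) pair can produce at most
# 2^32 keystream blocks before the counter wraps and keystream repeats.
MAX_MESSAGE_BYTES = (1 << (8 * COUNTER_BYTES)) * BLOCK   # 64 GiB


def make_block_cipher(key: bytes):
    """Return a function mapping a 16-byte counter block to a 16-byte keystream block.

    Uses AES-ECB from `cryptography` if available. Otherwise falls back to a keyed
    SHA-256 PRF truncated to 16 bytes: a constructed stand-in, NOT AES, used only so
    the CTR bookkeeping can run offline.
    """
    try:
        from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

        def aes_block(block: bytes) -> bytes:
            enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
            return enc.update(block) + enc.finalize()
        return aes_block
    except ImportError:
        def prf_block(block: bytes) -> bytes:
            return hashlib.sha256(key + block).digest()[:BLOCK]
        return prf_block


def counter_block(nonce: bytes, counter: int) -> bytes:
    """Build the counter block: 12-byte nonce || 4-byte big-endian counter."""
    if len(nonce) != NONCE_BYTES:
        raise ValueError("nonce must be %d bytes" % NONCE_BYTES)
    return nonce + (counter & 0xFFFFFFFF).to_bytes(COUNTER_BYTES, "big")


def increment_counter(block: bytearray) -> None:
    """Add one, big-endian, to the last COUNTER_BYTES bytes only.

    Done byte-wise with carry (no integer conversion), the way the article
    describes. The nonce bytes are never touched; the counter wraps on overflow.
    """
    for i in range(BLOCK - 1, BLOCK - COUNTER_BYTES - 1, -1):
        block[i] = (block[i] + 1) & 0xFF
        if block[i] != 0:      # no carry out of this byte, so we are done
            break


def ctr_keystream(block_encrypt, nonce: bytes, length: int, start: int = 0) -> bytes:
    """Generate `length` bytes of CTR keystream starting at counter `start`."""
    out = bytearray()
    blk = bytearray(counter_block(nonce, start))
    while len(out) < length:
        out += block_encrypt(bytes(blk))
        increment_counter(blk)
    return bytes(out[:length])


def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR mode is symmetric: the same call encrypts and decrypts."""
    ks = ctr_keystream(make_block_cipher(key), nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


if __name__ == "__main__":
    key = bytes(range(16))                  # constructed demo key
    nonce = b"\x00" * 11 + b"\x01"          # constructed demo nonce
    msg = b"counter block = nonce || 32-bit big-endian counter"
    ct = ctr_xor(key, nonce, msg)
    print(ct.hex())
    print(ctr_xor(key, nonce, ct))          # round-trips to msg
```

The two facts worth seeing in the output are that the nonce bytes are constant across every block of a message while only the trailing four bytes change, and that reusing the same nonce under the same key reproduces the identical keystream, which is why the size of the nonce field (and how nonces are chosen) matters more than the oddity of a 32-bit counter.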

------
distantsounds
This stuff has been documented in private circles for over a decade now, and
hasn't been made public because these games aren't available to play outside
of owning a cabinet in Japan or acquiring the data via less-legit methods.
While it's a fun exercise to explore, the real-world application is sadly
limited to grey-market implementations that Konami frowns upon, which
reinforces why the exposure has been limited.

~~~
RealityCzech
Information wants to be free.

~~~
distantsounds
Not sure how releasing this information benefits anyone. The games are sold
and distributed by Konami directly, and only to licensed arcades.

~~~
csydas
Well, the process itself regardless of the data is interesting. Likewise,
surely for archival purposes once the games are decommissioned and people want
to preserve them it will be useful to have, no?

I find your response just a bit weird; it's a nice breakdown of niche and
likely easily lost technology once Konami et al. are done with it. It's a
nice read, well written, serves those looking to archive these games in the
future, and also is a great high level overview of the reverse engineering
process.

Is the issue that it has no immediate benefit to you?

~~~
yerasame
There's a lot of politics in this particular scene regarding game and network
services cracking.

------
Fej
This is the company that continues to ship new games with Windows XP Embedded
(they are allowed to due to a technicality in the licensing agreement with
Microsoft). No one expects them to up their security game all of a sudden -
and I sure hope they don't :D

Of course, thank you to all of those who have done this type of work over the
years! You know who you are.

~~~
russelg
Well they're moving to WES7 for games now (museca/gitadora/nostalgia/maybe
iidx 25), so they'll eventually move them all likely.

------
NKCSS
I love reading stuff like this.. thanks for sharing!

------
jordigh
MAME has long lacked support for certain Konami games. Is it because of this?
Could MAME now support those Konami games, in jurisdictions with no anti-
circumvention laws?

~~~
distantsounds
Konami didn't start using Windows for its games until IIDX 9th style, Pop'n
15, DDR X, and Drummania V...6, I think? Before that, it was all custom
hardware, based off of the PS1, PS2, or just an in-house creation. Older IIDX
for instance uses a combination of a CD drive, a DVD drive, and an IDE drive
for storing all its data, not to mention ROMs soldered onto the boards. The
MAME team has actually just started to get the older games working, but
require dumps which are hard to come by - thankfully the fans of these games
have been collecting dumps for years and they are slowly being cataloged and
added in.

DDR has been a thorn particularly because they used a custom chip for decoding
encrypted MP3 streams in the System 573, something that MAME hasn't wanted to
touch due to patents.

I highly doubt the newer games will go into MAME anytime soon - partly because
they all run Windows XP embedded, and also because they are most likely
considered "too new" for inclusion.

~~~
kevin_b_er
The major patents on MP3s are dead now and Fraunhofer shut down their
licensing program. If that's the patents they're worried about, they're done.

