CPS-2 Encryption Scheme Broken
Acheon writes: "The CPS-2 arcade board from Capcom uses some hard encryption scheme that has been a very hot issue in emulation for years. Yet finally the code was broken. Final Burn, a quite recent arcade emulator, showed concrete results by running previously unsupported games such as Street Fighter Zero using decrypted ROM images. The CPS-2 Shock Team, who managed to reverse engineer the process from scratch, have really outdone themselves, and it is a very uncommon achievement." Thanks to Jamie for also pointing out more info.
XOR file intellectual property of capcom? (Score:1)
Re:Responsible Emulation (Score:1)
With emulation going more mainstream every day, there are a lot of people around today that treat and use emulation as another form of warez. But the people writing the emulators, and the old-skool fans have two driving interests in this. Most important is the technical challenge involved. And in the background, there is the idea of preserving 'video game heritage'.
CPS2shock are acting completely within these aims in doing what they have done, and not going any further. They have no interest in playing the latest titles, and they don't have anything but respect for Capcom. This isn't an 'us and them' issue, unlike most encryption stories. This is more about responsibility and technical excellence.
Re:Are we supposed to be suprised? (Score:1)
Go and actually read their website, and you'll realize how stupid you sound...
Re:MAME's Status? (Score:1)
What about the DMCA? (Score:1)
Re:MAME's Status? (Score:1)
Re:Responsible Emulation (Score:1)
And to the team, congratulations, a great achievement.
.technomancer
Go look up the definition of an Encryption break (Score:1)
Any method that allows you access to encrypted data is a break.
Any process that allows you access to all possible encrypted data of a given crypto system (such as CPS2) is a break of the Encryption system.
Herein lies the fallacy of media encryption. Eventually the decrypted data must be made available to the machine, and that makes it available to any hacker of the machine. Even if CSS was not broken, DVD rips would still be possible for this very reason (just hack the code of a DVD player to dump the screen frames to an AVI file).
You have to understand, that a break consists of any method that allows you to get the decrypted data in less time than it would take to do a brute-force attack.
Go study a good crypto book, like Applied Cryptography by Bruce Schneier, before you think to argue with the above.
Re:What about the DMCA? (Score:1)
Re:oh PLEASE! (Score:1)
What you fail to recognize is that the words "crime", "thief" and "property" are all arbitrary. We don't all put the same meaning into them, nor should we. So your intolerance to other interpretations than your own makes you blind as a bat in a hat!
- Steeltoe
An argumentative mind can't hold any wisdom, so wise men leave them alone.
Re:"It shouldn't be hard now." (Score:1)
Re:"It shouldn't be hard now." (Score:1)
"One interesting point so far is the fact one value ($235B) is the same encrypted as it is nonencrypted."
CPS2 Suicide (Score:1)
Since they're stored in an SRAM chip, should they be able to just read them out?
It's tamper-proof. Whenever the battery voltage changes, the SRAM holding the keys clears itself. This has come to be known as "Capcom Suicide."
Like Tetris? Like drugs? Ever try combining them? [pineight.com]
Re:CPS2 Suicide (Score:1)
Like Tetris? Like drugs? Ever try combining them? [pineight.com]
Re:oh PLEASE! (Score:1)
Re:oh PLEASE! (Score:1)
Re:"It shouldn't be hard now." (Score:1)
1) US export controls on crypto.
2) Key management difficulties makes using super tough crypto far less relevant. If people really try hard enough they can get the key for these systems, so why bother using really tough crypto. It's just to make things a bit harder.
Coz I doubt you'll see arcade operators sticking in their personal smartcards into their arcade machines and entering their pass sequences. (If machines get pirated, they can then trace them to the arcade operator).
Re:Encryption has not been broken. (Score:1)
I hate that phrase. You're not sorry at all. If you really felt bad about it, you probably wouldn't do it.
Yes, I'm glad you made the post. It was nicely informative. But you're still not sorry.
Re:oh PLEASE! (Score:1)
It really doesn't matter if it's an hour old or a million years old, you don't own it...
I'm not trying to make everyone stop downloading ROMs but at least I am realistic enough to say "I am fully aware I do not own this and I am going to download it anyhow" rather than deluding myself with weak-ass "justifications".
If you steal things, then you are a thief. At least recognize that and then resume your thievery. Don't say "I am not *really* a thief, I am more of a 'borrower' of items no longer in use since I only take older things".
oh PLEASE! (Score:1)
You know what? It's just as illegal to distribute an old ROM that you don't own as it is for a new one. Did someone at Capcom call up the cps2shock guys and say "Hey listen, we are having a hard time deciding which of our older CPS2 titles should be released to the public for free, can you make the decision for us?" Yeah, I thought not.
It's not that I have a problem with arcade emu because I don't. But I also don't lie to myself when I download a ROM I don't own by saying "Oh it's ok, this is an older game."
The one thing I noticed about a lot of people in the emu scene is how they look on "warez kiddies" with disdain and yet in most cases that's exactly what these people are. They run sites the same way, they trade other people's property the same way.
The cps2shock team is trying to cover their ass and hoping they don't get swarmed by capcom lawyers.
Let's call a spade a spade here.
Re:CPS2 Suicide (Score:1)
Seems to make sense. Now I'm curious as to how it can be read by the cps2 board. The SRAM must be read sometime, by the hardware itself. How does that get past the countermeasure?
It is not that black and white ... (Score:1)
That was from a different system (Score:1)
Let me reformat that post ... sorry (Score:1)
Let's say that we made it more difficult, let's only encrypt/decrypt portions of ROMs at a time. If you do this you have to force the programmers to know what part of the ROM they were going to use at what time, or otherwise face some massive slowdowns as it decrypted it in real time upon access. If we made it so each instruction was encrypted at a time, then PGP would have been a massive failure. Think about how PGP works ... generate a random symmetric key, encrypt the data, then apply the asymmetric encryption for key exchange. Far too much work to do on a per-instruction basis. Remember this was 1993, we were still using 20 MHz 386SX's then. Technology could not have kept up with decrypting per instruction.
Besides, if you used PGP in 1993, you probably still wouldn't have had a RTU in a commercial application, and you certainly wouldn't have had the right to export it out of the US.
From what I've read about CPS2, it's quite a smart system. No matter what system you use, PGP or CPS2's encryption, you have to store the keys somewhere. Without a cryptographic smart card, it has to be placed in RAM or ROM somewhere. So Capcom put it in some extremely volatile RAM, making any sort of tampering very difficult to do, much like disabling a bomb. Once the board detected tampering, it would lose the keys and render the board brain dead.
Next they made it so the encryption worked in real time. It didn't have to be extremely strong, but it had to be fast. They relied on the keys being protected by the suicide circuit.
From what I understand, CPS2Shock first started watching the instructions as they were being loaded on the data bus. They never could have got all the data off the ROMs in this manner, unless every code branch was executed. But they learned what the CPU sees ... and they were able to inject their own code into the running system. From that point they were able to develop a brute force system to look at memory, and later they refined their technique to eliminate certain possibilities.
So CPS2Shock rocked the world by releasing the first translation table that made the encrypted ROMs usable. Next up, if they break the encryption, then they could simply attack the ROMs instead of having to use this process of finding the final value vs the value stored on the ROM.
It's sort of security by obscurity, but I think that, holding up for 8 years as well as it did, the CPS2 protection is still quite a formidable opponent. It may be even more difficult to break than the DVD code, since the keys for that hack were simply copied out of the code from a poorly implemented DVD player.
With CPS2, you don't have easy access to the keys, and the team broke the code through analysis, brute force, and key elimination. Next up they're going after the encryption itself since they now know both the decrypted info and the encrypted info.
simple (Score:1)
Re:"It shouldn't be hard now." (Score:1)
Just my $.02
Re:oh PLEASE! (Score:1)
Actually, there's a hack here [retrogames.com] to change the battery and keep the contents of the board.
Although, gotta say, I'd rather do it with a PSU and bigger same-voltage battery. Keep it alive for a bit longer.
Ben^3
Re:What about the DMCA? (Score:1)
Calm down.... (Score:1)
Re:The *real* benefit (Score:1)
Encryption NOT Cracked (Score:2)
Re:oh PLEASE! (Score:2)
If you don't think it's right, that's fine. But PLEASE don't confuse property rights with "intellectual property". Don't call it "pirating" or "stealing", because those words bring out extra connotations beyond what is actually being done. Call it "unauthorized copying", because that is what is going on. No one's property is being stolen by any stretch of the imagination.
"It shouldn't be hard now." (Score:2)
I don't understand why they wouldn't have used well known algorithms that are believed to be strong. I'm pretty sure that I was using PGP with RSA and IDEA in 1993.
Re:"It shouldn't be hard now." (Score:2)
Re:oh PLEASE! (Score:2)
So, yes, I recognize that it's a crime, but at the same time, I feel completely morally justified. There are plenty of immoral laws out there. If you sell me a beer on Sunday, then you're a criminal (in my state, at least). Does that mean it's morally wrong?
--
Re:Encryption NOT Cracked (Score:2)
Re:Responsible Emulation (Score:2)
CPS2shock will no longer release any information that can be used to break CPS-2 encryption until such times as Capcom no longer release new titles on the system
Well, okay, let's say 3 months from now some guys in Uzbekistan come up with a dumping method just like CPS2shock, only they release ALL information on how to do it. What keeps Capcom from screaming, "hey, you leaked the information! Bastards! Lawsuit! Lawsuit!". On the other hand, if the CPS2shock people DID leak the information (carefully as to not leave traces), what keeps them from saying they didn't?
Heck, that's what PGP, public terminals and temporary web-mail accounts are for.
Re:"It shouldn't be hard now." (Score:2)
Kind of. The problem with solving the encryption algorithm originally was that there were no known variables. No one knew what the encryption system was (still don't), what the encryption keys are (still don't), or what the unencrypted data was. Sort of like doing a jigsaw puzzle with square pieces and no picture on it.
Now that they have the unencrypted data, they at least have the picture on the puzzle, so they can check to see if the methods they try out are close to working or not. Combining that with what they've been able to gather about the encryption scheme anyway, someone should be able to crack it much more easily now.
ps: I'm a bit confused as to why they don't know the encryptions keys. Since they're stored in an SRAM chip, should they be able to just read them out?
Re: (Score:2)
hacking arcade games (Score:3)
Re:oh PLEASE! (Score:3)
--
MAME's Status? (Score:4)
[ Ack! Robbed of stealing. Figure that logic out. ]
Responsible Emulation (Score:4)
Not so fast (Score:5)
Now that CPS2shock has reached its goal in making it possible to play CPS-2 games in emulators we've taken a few days to think about the future of CPS2shock.
The Future Intent of CPS2shock
CPS2shock will no longer release any information that can be used to break CPS-2 encryption until such times as Capcom no longer release new titles on the system.
CPS2shock will work on dumping older CPS-2 games and releasing them for your enjoyment to play in emulators.
____________________________________
This decision is based on the following;
CPS-2 games are still in production.
Emulation is at a point now where it can have a direct influence on future plans of the game manufacturers. Knowing the encryption method COULD kill CPS-2 & any future planned game releases. Need I say more?
To help stop bootlegging of new CPS-2 releases.
Due to the fact that CPS-1 and CPS-2 hardware is so similar knowing how the encryption system works would leave new CPS-2 games wide open to bootlegging.
To control the release of games.
CPS2shock does not want to see newer games emulated until they are well past their sell by date. CPS2shock will not allow CPS-2 emulation to go down the same road as NeoGeo did if we have anything to do with it.
____________________________________
If you still can't see the logic behind our decision, let me make you aware of the following.
We had the logic, knowledge and intelligence to find a way to allow emulation of CPS-2 games. The same logic, knowledge and intelligence was used to reach this decision.
If you still don't like it there is nothing stopping you from breaking the encryption yourself, just don't expect us to help you. Instead of bitching about it use that energy to start you on your way.
If you don't understand what all this means don't worry CPS2shock will be dumping more CPS-2 games so you can play them in your favourite emulators.
Encryption has not been broken. (Score:5)
The CPS2Shock team, however, managed to do something that nobody has done before: extract unencrypted data from the board using 68k code on the hardware itself. This will help in figuring out the actual algorithm, but as of yet, the encryption has not been broken. The current files are only useful for playing Street Fighter Zero on emulators, and the painful process to extract this unencrypted data will have to be redone on EVERY game if nobody can reverse-engineer the actual algorithm.
CPS-2 encryption sounds simple, but it has been used for 8 years now (since 1993 and Super Street Fighter 2, the first CPS-2 system game) and no bootlegs have been made of the games. It doesn't have to mean that it's an overly complicated algorithm, but so far nobody has had any unencrypted data to work against. What makes this scheme devious is that it only encrypts 68k code, not data, so the 0xFFFF and 0x0000 fills don't get encrypted (0xFF and 0x00 fills were crucial in breaking the Kabuki algorithm, used in CPS-1 games' Qsound program roms). Without the unencrypted 68k code, it was impossible to figure out what the encrypted values are related to. It is known that it works on word values (change any bit in the first word and only its encrypted / unencrypted values change, none of the others') and that the address of the value in question is probably used as one of the coefficients in the algorithm.
The files that CPS2Shock released are XOR tables. When used against the original encrypted program ROM file they will produce a ROM file with unencrypted code, but data intact (since it was never encrypted anyway). Go ahead and see if you can actually break the encryption, it shouldn't be that hard now.
(Encrypted) CPS2 ROMs [tlt3.com], get the encrypted Street Fighter Zero program ROM from here and XOR table from CPS2Shock [retrogames.com].
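The XOR-table workflow the post above describes, as an added example that is not CPS2Shock's tool, Capcom's algorithm, or any code from this thread. It applies a table to an encrypted program ROM the way the released files are used, derives such a table from a known plaintext/ciphertext pair, lists the zero entries (which the post's own caveat says can be either never-encrypted data or fixed points like $235B), and tests the hypothesis that the address enters the cipher. Assumptions, all labelled in the code: ROM images are raw big-endian 16-bit words (the 68000's native width and the granularity the post reports), the table is a file of the same length, and the sample "ROM" is generated by a constructed stand-in transform that exists only to produce test data and has nothing to do with the real CPS-2 scheme.

```python
"""XOR-table helpers for a word-encrypted 68k program ROM (added example).

Assumptions (not from the original post): images are raw big-endian
16-bit words; a XOR table has the same length as the ROM; table word i
XORs encrypted word i into plaintext word i; a zero entry means the word
is stored in the clear (data) or is a fixed point of the cipher.
"""
import struct
from collections import defaultdict

WORD = struct.Struct(">H")  # 68000: big-endian, 16-bit words


def words(blob: bytes) -> list[int]:
    """Split a byte image into 16-bit big-endian words."""
    if len(blob) % 2:
        raise ValueError("ROM image must be a whole number of 16-bit words")
    return [w for (w,) in WORD.iter_unpack(blob)]


def from_words(ws) -> bytes:
    return b"".join(WORD.pack(w & 0xFFFF) for w in ws)


def apply_xor_table(encrypted: bytes, table: bytes) -> bytes:
    """plaintext[i] = encrypted[i] ^ table[i]; data words have table[i] == 0 and pass through."""
    if len(encrypted) != len(table):
        raise ValueError("XOR table and ROM image differ in length")
    return from_words(e ^ t for e, t in zip(words(encrypted), words(table)))


def derive_xor_table(encrypted: bytes, decrypted: bytes) -> bytes:
    """Known plaintext: the table is simply E ^ P word by word (inverse of apply_xor_table)."""
    if len(encrypted) != len(decrypted):
        raise ValueError("encrypted and decrypted images differ in length")
    return from_words(e ^ p for e, p in zip(words(encrypted), words(decrypted)))


def untouched_offsets(table: bytes) -> list[int]:
    """Byte offsets whose table entry is zero.

    Caveat from the thread: such a word is either unencrypted data or a code
    word that the cipher maps to itself ($235B is reported as one); the table
    alone cannot tell the two cases apart.
    """
    return [2 * i for i, t in enumerate(words(table)) if t == 0]


def position_dependence(encrypted: bytes, decrypted: bytes) -> dict[int, set[int]]:
    """Test 'ciphertext depends only on the plaintext word, not on its address'.

    A pure word substitution would map equal plaintext words to equal
    ciphertext words everywhere.  Any plaintext value that appears with two
    or more different ciphertext values refutes that and shows something
    positional (the address, as the post suspects) enters the function.
    Note: a value occurring both in code and in never-encrypted data shows up
    here too; that is still position dependence, just of a cruder kind.
    """
    seen: dict[int, set[int]] = defaultdict(set)
    for e, p in zip(words(encrypted), words(decrypted)):
        seen[p].add(e)
    return {p: es for p, es in seen.items() if len(es) > 1}


# --- constructed sample, NOT a CPS-2 dump ---------------------------------
# A stand-in transform used only to manufacture test data: code words are
# XORed with an address-derived mask, the trailing 0xFFFF "data" fill is left
# alone.  The real CPS-2 algorithm is unknown (see the post) and is not this.
def _toy_encrypt(plain: bytes, code_words: int) -> bytes:
    out = []
    for i, p in enumerate(words(plain)):
        mask = ((i * 0x9E37) ^ 0x5A5A) & 0xFFFF if i < code_words else 0
        out.append(p ^ mask)
    return from_words(out)


# nop, nop, move.w #$1234,d0, rts, then three words of 0xFFFF fill (data)
SAMPLE_PLAIN = from_words([0x4E71, 0x4E71, 0x303C, 0x1234, 0x4E75,
                           0xFFFF, 0xFFFF, 0xFFFF])
SAMPLE_CODE_WORDS = 5
SAMPLE_ENCRYPTED = _toy_encrypt(SAMPLE_PLAIN, SAMPLE_CODE_WORDS)


if __name__ == "__main__":
    table = derive_xor_table(SAMPLE_ENCRYPTED, SAMPLE_PLAIN)
    assert apply_xor_table(SAMPLE_ENCRYPTED, table) == SAMPLE_PLAIN
    print("zero table entries at byte offsets:", untouched_offsets(table))
    print("plaintext words with address-dependent ciphertext:",
          {hex(p): sorted(hex(e) for e in es)
           for p, es in position_dependence(SAMPLE_ENCRYPTED, SAMPLE_PLAIN).items()})
```

On the sample the two NOPs (0x4E71 at word 0 and word 1) come out as two different ciphertext words, which is what an address-keyed scheme looks like from the known-plaintext side; the three 0xFFFF fill words get zero table entries and are indistinguishable, from the table alone, from a genuine fixed point in code. With real dumps the same functions apply to the encrypted program ROM and the released XOR file.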