This NES Classic jailbreak is a perfect parable of our feudal future of disobedient dishwashers

doctorow 2017-01-07 14:17:22 UTC #1

Originally published at: http://boingboing.net/2017/01/07/this-nes-classic-jailbreak-is.html

Nintendo's nostalgic instant sellout NES Classic (still available from scalpers) only comes with 30 games and no way to add more: but it only took two months from the announcement date for intrepid hackers to jailbreak the device and come up with a way to load your favorite ROMs, using a USB cable and a PC.

Israel_B 2017-01-07 14:38:25 UTC #2

Way back when, before Internet, there were devices which dumped NES, SNES, etc cartridges to floppy or other media for "backup" purposes. That's the source of most ROM files which ended up on the internet later.

It's honestly pretty hard to argue in favor of those considering how rare actual NES carts suffered hardware failure and that the NES stayed on the market for so many years after anyone stopped making new games.

Honestly the main reason for these always way piracy.

doctorow 2017-01-07 15:09:37 UTC #3

I don't know of any stats on this, but from my personal experience with my NES, I can assure you that some people experienced regular failure from NES carts.

fuzzyfungus 2017-01-07 15:23:47 UTC #4

What is actually very(at least to me) surprising is how relatively non-gnarly the hack is.

As anyone who has spent some time poking at cellphones and tablets can tell you; the wonderful world of cryptographically locked bootloaders is a reality; and a fairly common one.

Based on the directions for performing the hack, it appears that Nintendo used a slightly oddball roll-your-own arrangement for the device's filesystem(possibly with a bit of obfuscation there for anti-tamper purposes, possibly just basic 'nobody is ever going to see it, so as long as it works' dirty-hacks-on-a-deadline' stuff); but the technique for dumping the device's firmware and re-flashing the modified firmware image uses exactly the same tools used for USB-debugging most Allwinner SoCs(which, because Allwinner is one of those 'GPL compliance with Chinese characteristics' shops, kind of suck; but the ones that support the NES Classic don't differ from the ones you use for every other cheapo tablet, android-TV-streaming-puck, or phone based on one of their SoCs); and the NES Classic boots without complaint even after its firmware has been modified(which would break any cryptographic signatures or checksums).

I found this so surprising that I've been trying to do some more digging: The 'R16' SoC used in the Classic is, apparently, a relabled A33; and the datasheet for that part shows no mention of efuse storage or 'secure boot' support. A variety of other SoCs in Allwinner's lineup do have those features; but the R16 appears to only have a basic crypto accelerator block.

It's a trifle astonishing, especially given that Nintendo has been attempting hardware-enforced restrictions since CIC/10NES back in 1983; but unless I'm missing something, they appear to have pinched pennies so hard on this product that it actually lacks the common(and often very effective) bootloader lockdown seen in even relatively cheap gear.

Mister44 2017-01-07 15:41:51 UTC #5

For the less tech savvy - and sense I have an awesome CRT that is going no where, I thought about getting one of those retro machines that plays games from 4 different machines, and then get a cartridge that allows you to upload all the ROMS you want via and SD chip. Only those cartridges are like $100.

Then again do I really have time to be playing old games?

If you need me I'll be in the Gungeon.

Israel_B 2017-01-07 16:06:06 UTC #6

Again no stats but "cart failure" was most often dirty contact points on the cart OR intermittent connectivity failure with the NES due to the stand board connector at the cartridge receiving juncture.

Enkita 2017-01-07 17:05:41 UTC #7

Is this iPhone autocorrect at work? It doesn't read like electronic engineering terminology, and I'm not sure what the meaning is.
The NES was famous for rapid pin wear and lack of self-cleaning. In those days almost no connectors were designed for frequent mating cycles other than jacks. The modern micro USB and USB C are small miracles of reliability that can manage thousands of cycles, and we take them for granted. But not long ago a couple of hundred mating cycles was expensive industrial or military technology.

Israel_B 2017-01-07 17:38:56 UTC #8

Thats called 2AM after a bottle of sake terminology. Also I was remembering a bit wrong trying to describe the ZIF reciveiver. See here and scroll through the pictures

Point is how the ZIF reciever was in turn attached to the system board and that sometimes got wonky.

hyploaderbot 2017-01-07 19:32:36 UTC #9

The way Blackstone describes property is an intuition held long and deep by members of most consumer markets. Hacker and tinkerers worldwide will always be ready to mod our devices to get around the overreach of DMCA 1201 and similar laws. I guarantee Asia will do it. (It might not be as cute when technology is inevitably used to get around gun restriction laws, but where there's a demand, there will be a market.)

nungesser 2017-01-07 19:35:25 UTC #10

The same law that lets Apple decide who can make software for your iPhone... add a vision system and it would allow Kitchenaid to decide who can make bread for your toaster; add an RFID and it would allow Bosch to decide who can make dishes for your dishwasher.

This article went from "interesting hack" to tinfoil hat territory quickly.

agies 2017-01-07 19:46:29 UTC #11

The main point of failure is the 72 pin connector on the NES itself. They are often dirty or loose.

timber_munki 2017-01-07 20:07:33 UTC #12

I'm no expert in copyright law or the DMCA but couldn't it be argued that if you're able to bypass something controlling access it is not an "effective means of access control" therefore not covered by the act?

SpookyFM 2017-01-07 20:19:54 UTC #13

I don't think Cory's point is that this is going to happen (at least not to toasters and dishwashers) but that these laws would make it possible. And I think he's right to choose these examples: If fifteen years ago someone would have told me that the manufacturer of my computer would lock down what kinds of software I could install on it and I'd be voiding the warranty (and, in some countries, breaking the law) by bypassing that lock, I'd have told them they were crazy. And now this is more or less the default.

doctorow 2017-01-07 20:35:50 UTC #14

Alas, no.

Enkita 2017-01-07 20:37:57 UTC #15

I think the two statements are fairly equivalent.

agies 2017-01-07 20:39:29 UTC #16

Agreed.

ETA: There's some supposition that the front loading mechanism of the NES, as opposed to the top loading Famicom, added to the failure rate. Also the 10NES lockout chip which had it's own pins on the cartridge probably exacerbated the situation.

JeanBaptiste 2017-01-07 20:53:23 UTC #17

Bionic Commando WOOT!!!

TimmoWarner 2017-01-08 00:05:29 UTC #18

Did you try blowing on them?

orenwolf 2017-01-08 04:48:16 UTC #19

I was super excited by the NES Classic and in fact managed to get my hands on one, but a week later found out about Provenance and now have all the NES/SNES/SMS/Genesis games of my childhood on my Appletv.

Jorpho 2017-01-08 05:47:57 UTC #20

As this exploit has only been in the wild for less than a day, we've yet to confirm exactly how many commercial and homebrew games are compatible with the NES Classic's default emulator.

And that's the thing, isn't it? If Nintendo actually let people run whatever they wanted to on this unit, you'd inevitably wind up with people complaining that it didn't run one obscure thing or another, and people complaining means lost sales. Just like if you let people use sub-standard bargain bin ink in their printers, they'll probably end up blaming the printer manufacturer (or at least bothering some beleaguered support staff person) when it stops working. Because expecting people to be smart enough to figure out that crappy ink is to blame is all too likely to alienate a significant fraction of one's customer base.