The 3DS DRM And Cryptography Model

Yifan Lu:

Let’s assume for now that we have system integrity (we don’t). How do we implement DRM? The truth is that DRM is impossible in theory. However, as engineers, we do not always have to follow theory. The secret of DRM is that, unlike other cryptosystems, you are not designing it to be secure forever. (Note for the pedantic: I know that no cryptosystem currently known would last forever, but if you can point out this fact, you also know what I mean.) Specifically, if your DRM can last 100 years, most people (on the engineering side) would be very happy. In fact, if you can provably do that, you would “solve” the problem of DRM. Most DRM schemes are designed with decades in mind (something that you might not admit to business people). That means we can commit some security faux pas that the textbooks would forbid. For example, security by obscurity is a tool here. If it takes the hacker 5 years to figure out your scheme, then by all means do it, because you just bought another 5 years. (But be warned that if you think it takes 5 years to crack the scheme, it likely will take 5 months.)

On its own, this post is an interesting exploration of the 3DS’s security measures and the quest to prevent game piracy. As a provably foolproof method for content protection has not been found, all DRM is about delaying people for as long as possible. At the end of the day, it’s just maths. This article is particularly relevant to my interests in light of recent happenings in technology. Hopefully, you can see the parallels between what Nintendo does and what Apple does with iOS devices.

When embroiled in debates over human liberties and public safety, there’s a tendency to pigeonhole the meaning of encryption as only the thing that protects personal data on your devices. In reality, of course, encryption and hashing techniques are everywhere in technology. Assuming such a policy was enforceable, a ban on encryption is not feasible. There are numerous legitimate reasons why a company wants to include encryption flows in a product.

Game DRM is just one case; Nintendo and others use cryptography to (attempt to) protect their games library from piracy. In the same way that the FBI is looking for compromises to gain access to the contents of an iPhone, hardware hackers meticulously reverse-engineer the workings of Nintendo’s consoles to break the software security policies. When successful hacks are found, Nintendo releases newer hardware with different security protocols and the hackers get to work again. This is exactly what Apple does with its iPhones.