back

Hacking the Nintendo Game & Watch

Your princess is AES encrypted in another castle

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration: 00:42:55
Language: English
Abstract: On November 13., Nintendo launched its newest retro console, the Nintendo Game and Watch - but by then it was already hacked!

In contrast to the other Nintendo classic consoles (NES & SNES), Nintendo upped their game this time: A locked processor, AES-CTR encrypted flash & co. made it significantly harder to hack it, but in the end it was still hacked - one day before release.

This talk walks through the whole process of opening it up, exploiting the firmware up to bringing homebrew to a new console - in a fun, beginner friendly way.

The Nintendo Game & Watch was anticipated by a lot of retro-interested folks, and the clear expectation was: We wan't to get more games onto this device!

But Nintendo made the life of hackers harder: The CPU is locked, the external flash AES encrypted, and the USB-C connector does not have its data-lines connected.

But not so fast! In this talk we learn how to exploit the firmware, get code-execution via a NOP-slide, dump the ROMs & RAMs of the device and achieve what everyone has been asking for: DOOM running on the Nintendo Game & Watch.

If you are interested in the full flow from opening up a device, exploiting it, to writing custom drivers for homebrew, this is your talk! And all you need to follow along are a Game & Watch and about $4 of equipment!

Talk ID: 11527
Event:: rc3
Day: 1
Room: rC2
Start: 6 p.m.
Duration: 00:40:00
Track: IT-Security
Type of: lecture
Speaker: stacksmashing
Talk Slug & media link: rc3-11527-hacking_the_nintendo_game_watch