
Hacking the Nintendo Game & Watch

Your princess is AES encrypted in another castle

Video duration: 00:42:55
Language: English
Abstract
On November 13, Nintendo launched its newest retro console, the Nintendo Game and Watch - but by then it was already hacked!

In contrast to the other Nintendo classic consoles (NES & SNES), Nintendo upped their game this time: A locked processor, AES-CTR encrypted flash & co. made it significantly harder to hack it, but in the end it was still hacked - one day before release.

This talk walks through the whole process, from opening up the device and exploiting the firmware to bringing homebrew to a new console, in a fun, beginner-friendly way.

The Nintendo Game & Watch was anticipated by a lot of retro-interested folks, and the clear expectation was: We want to get more games onto this device!

But Nintendo made the life of hackers harder: The CPU is locked, the external flash AES encrypted, and the USB-C connector does not have its data-lines connected.

But not so fast! In this talk we learn how to exploit the firmware, get code-execution via a NOP-slide, dump the ROMs & RAMs of the device and achieve what everyone has been asking for: DOOM running on the Nintendo Game & Watch.

If you are interested in the full flow from opening up a device, exploiting it, to writing custom drivers for homebrew, this is your talk! And all you need to follow along are a Game & Watch and about $4 of equipment!

Talk ID: 11527
Event: rc3
Day: 1
Room: rC2
Start: 6 p.m.
Duration: 00:40:00
Track: IT-Security
Type of: lecture
Speaker: stacksmashing
Talk Slug & media link: rc3-11527-hacking_the_nintendo_game_watch

Talk & Speaker speed statistics

Very rough underestimation:
Whole talk: 152.0 wpm, 814.9 spm
stacksmashing: 165.1 wpm, 883.2 spm