rC3 Talk: Hacking the Nintendo Game & Watch

It just makes sense that a device with such a nice screen and powerful processor should be able to play more than a couple factory-installed games. 🤔

I'm glad that people like you make these things and hack these seemingly unhackable things. Without people like you, we wouldn't have all these things that we use today pretty regularly. Thank you!

I can't believe how well the community has pulled together to extend this awesome device. Thanks for all your hard work!

I'm impressed this project has come a long way. It's only a matter of time before hacked ones show up on Ebay.

This must be the best console reverse-engineering talk ever! The game & watch turns out to be a great fit in terms of complexity for hardware hacking and homebrew!

I have followed your progress since day one on twitter and YouTube, Watched the live Rc3 with a great intro! Great talk, fun and informative!

Great talk!

There's a small mistake around 17:11 :
When you have a ciphertext encrypted with AES-CBC and you flip n bits in one of the encrypted blocks, only the corresponding plaintext block + the bits at the same indices in the next plaintext block will be corrupt. The following blocks will decrypt normally. So if you set n bytes to zero (assuming they all belong to the same block), you'd get 16 + n corrupted bytes in the plaintext.

I can't wait to see what else comes from this! My hope is to turn mine into a classic mario\nintendo\g&w item.

Loved the intro! I am not that technical, but I found this video to be very informative and well paced. Glad that you put this video together! Appreciate all the work on this even if it is more of a curiosity for me than anything else.

People like you survive the apocalypse. Good job.

Hell yes I am so hyped on this. Working on moving into some hardware hacking, and who doesn't love pissing off Nintendo

Dispite the fact that i have the technical knowledge of a potato i found this video very interesting and informative thank you!

It has been said but, great intro! Thank you for all the hard work you’ve put in for this. No way I can duplicate the process to try this myself.

Amazing video thanks for sharing. I've been following your story since day-0 as well here, still waiting till the gadget becomes a little more available to get one. You surely piqued people's interest in this a lot (including myself), for an otherwise yet-another-meh-cash-grab device from Nintendo; hacking it, however, opens many interesting possibilities.

I wish I could give this video a thousand likes. Absolutely amazing mate! Great video! And what a community you have built around this little device. I can't wait to see more.

That was a great presentation and summary of a lot of time and hard work invested in the game and watch. Thanks for sharing it with us and opening everything ;)

Thank you for this very informative video. I've never looked into hardware hacking before, but you are a very good, easy-to-listen-to teacher.

Great talk and amazing work! I bought one of these for my son for Christmas and had to buy myself one after seeing this unfold. I'm very much looking forward to hacking this. I'll be happy with emulation but would love to have a go at writing a homebrew game for it. As for the USB ... you just need to shrink the MiniPRO down until it fits inside the case :D

You've inspired me to get a G&W of my own. Super excited to unlock it and use it for Nefarious Purposes, like super-low-quality DOOM

Man your videos are great, your projects are great, YOU are great ! Seriously this is really entertaining but also really instructive, your explainations are clear and understandable by what I would assume to be everybody and that's really cool ! Good job man, you have a lot of talent !

Awesome video! Very well explained and entertaining!

Hands down the best CCC talk this year!

So awesome - the content but the delivery/deck too! Thanks!

It must kill someone to see their code ripped open and molested like this! Great work

it's surprising how many times this method works on so many different platforms. I used to have a job hacking keyless entry systems and we broken encryptions and did dumps in almost the same way.

All the dislikes are from the security team over at Nintendo.
Nintendo: Great job team, its secure, they'll never hack this.
stacksmashing: Hold my bowl of cereal.

This talk was awesome (I watched it during rC3).

great work! you teached me a lot!

super helpful and informative video, thank youu <3

This is insanely well written and understandable for beginners.

Would love to see how people will preserve Super Mario Maker for the Wii U (yes, the Wii U) and Super Mario 35 (the eShop download)'s online functionality after March.

great video be nice if we had videos on step by step and tools to use on how to flash and setup that would be ace for learners like myself

I can't wait until the RAM change is pretty much all you need to do to get it running emulators. Really the device just needs to emulate all NES and Game and Watch games and it's perfect.

I'm just going to take stab-in-the-dark, but....

How difficult would it be to fix the usb data lines so that they work ?
(EG. soldering the data lines to the proper pins on the CPU, etc, and modifying the firmware to allow communication)

Plenty of Geek Points for you . Quite amazing what you are able to do "because you can" .

I was thinking that to use the USB plug for data purposes, the only thing needed was to wire the two data pins from the microcontroller to the USB connector, but I just read the datasheet for that microcontroller, and while it has USB 2.0 OTG capabilities, there's no pins for it in the 100-pin package version Nintendo used for the game and watch.
What a pity.

Just got my G&W! I look forward to snagging a debugger and start poking around.

Thanks for the NOP Slide.... that's the best thing I've learned in months!

Thanks for the great talk! Is there a way to wire usb data lines to MCU?

Great work, great video, thanks!

I bought this hoping i'd be able to soft mod it. Whelp, so much for that! Its still gonna be cool pulling this from the inside pocket of my Mario Levi denim jacket :)

Great hack, and Nintendo were showed how incompetent they are and that they just should release the stuff with easy access or are showed off like here.

In the old days, lack of Hard and Software for doing such hacks made the systems a bit more secure. But nowadays, with all that brainpower, they couldn't stand any chances.

I still think, it would be possible to remove the decryption for easier access, but it's broken anyway. Now, all is left is to be able to run other games from a USB drive, so you would need a extension board you place there instead of the rom chip (or put a bigger chip in it). If that would work, you could put in NES game dumps and have a fully functional handheld console.

I would love to tinker with such stuff, but having time for it is an issue. I envy you to be able to do that on a daily basis 😀 Most in can do, is reverse engineer NC binary files and reimplement a generator for our company.

Somebody should make a program that makes this able to play all the old Game & watch games on this device 🙂

The Mario romhacking community is one of the oldest and the largest, with a ton of hacks on SMB1. So, my question is, is it possible to run these without loading an emulator? For example, could you load a Mario Romhack on top of Ball? I personally want to load "Super Mario Bros Special for NES", an NES conversion of Hudsonsoft's SMB Special.

wonderful video with very detail information, thanks

best TED talk of 2020 in my opinion

Id love to see the developers reaction to your video. Im sure at some point there would be a '' DAMN IT ''. haha

Hey ich wollte auch einfach mal danke sagen! Ich kann leider nichts zur community beitragen außer die hacks nach Anleitung durchzuführen, aber ich bin so dankbar für Leute wie dich, die das möglich machen, UND erklären wie man zum Ergebnis kommt! Definitv der Wahnsinn und hat mein Interesse geweckt selbst mal bisschen zu hacken.

Absolutely fantastic!

I wasn't planning on getting this, as it doesn't have all of those original Game & Watch games on it. But I will probably get one to have when there is a way for the regular person to be able to easily put on those MAME Game & Watch recreated games on it. Thanks.

Great presentation my man!

Awesome. I had love to get Zelda from NES into my game&watch😁👍

Amazing video and explanation.

Great talk. Thank you!

great job , great video.
Thank you.

This Intro man! Love it!

Awesome talk, thanks.

Hi, I am trying to follow along and use this video as a guide to replicate how the encryption was broken. I am a little stuck at comparing the RAM vs ROM. I have downloaded the ram at memory addresses 0x20000000, 0x240000000 and 0x30000000, but where did you find the original (unencrypted) rom in memory? I have an original rom and I cannot find this anywhere when comparing against the ram snapshot. I have used your bitmap extraction program and I can see the frame buffer and get a nice picture of the video but I can't find the unencrypted rom. you seem to have one ram file as well instead of 3? did you just combine the 3 ram addresses into one file? but mine still seem a lot smaller in size even when combined when compared to yours. ( although I am using the Zelda version game and watch)

Surprised that, unless I missed it, you didn't cover why merely replacing the NES ROM wasn't viable. FTR, Nintendo dies an in place ROM patch to make some small alterations, and that patch would break most other ROMs.

Got my game and watch for christmas and yeah It Is limited as It Is but a nice size and I love playing mario with infinite lives and being able to turn it on and continue any time
but gameboy on this thing would be amazing!!

great job.. too many ours spended in this project .. but work it out !

Very explanatory 👍

Nice summary of your work, the GBSMB is now selling in Mexico, I think I have a nice idea for a gift to myself :D

This just popped up in my reommended, and I gotta say... This is REALLY Cool!

I was trying to find the guide to upgrade the storage to 60MB and the discord but no luck.

Love the intro!

Great summary! Thanks!

lo digo en spanish porque es mas facil, es lo mejor que he visto acerca de hardware hacking sos mi idolo <3

0:18 that was epic 🤣

Can we have some links to the hardware required to hack it?

Good presentation ! Thanks

Amazing video!

This channel is so underrated :(

Something worth watching!

Can you use a usbasp or usb blaster for this?

I wasn't even born when the Nintendo 64 came out but I know the pain of having to blow out cartridges

@stacksmashing - do you know if anyone has considered swapping the SPI flash for a Micro-SD card? The SPI protocol is the same as basic SD-card I/O. Fairly sure you could make a removable storage solution like this to store multiple games.

I had no idea you could get the encryption key if you know both ciphertext and part of the clear text. Does this only apply to AES-CTR? Do you think it would have been possible to hack this if Nintendo had used authenticated encryption?

You mentioned you were a trainer towards the beginning of the video. Could I get you to provide me with a little more information about this? Kind regards,

Would it be possible to add a headphone jack to the Game & Watch?

Plot twist: Ninty's putting out these cheap retro consoles to evaluate the security flaws in their designs before using them in future devices.

HAHA intro was hilarious

Why do you think Nintendo went with RDP protection level 1 instead of 2? They seem to have gone to more rep how this time to try and prevent hacks, so why not lock it down completely?

This is art

Nice,
I'd like to see more about IoT'Devices, thks.

take your time man. make it a better system.

and no picture of your costume in the Q&A?
that was hilarious! xD

good job though, i enjoyed the talk.

i can just say,
you are amazing

Sander Van Der Wel Game & Watch backplate needs a pull-out stand.

3:10 where he says that the SNES and NES classic use Linux

Me: WHAT THE

Great Work

Brevity is the soul of wit

You are Awesome 👏

i wanna see someone mod sonic 1 onto the mario game and watch

make this into a mp4 player for me lol. to put anime on .

Can you play mame games on this machine?

I thought that nintendo already given strike to video that promote nintendo hacking

so the device was hacked before it was even released. why does Nintendo even bother trying to secure these retro systems then? go out of their way to not connect the usb data pins just to annoy people because obviously it did nothing to prevent it being hacked. $50 for 2+1 games is frankly atrocious.

very amazing

I wish I had a game and watch, I’d try hack it and put Pokémon yellow

Can I just send u mine and you reprogram it for me
Let me know you are awesome 💯

im waiting for the day we could play pokemon :/ like pokemon yellow or blue and also pokemon silver and gold

awesome

please, can i send you mine from spain and you do your magic? i would love to have there 1-nes punch out 2-NES bart simpson vs the mutants 3- NES super marios 1,2 and 3 and if possible also kungfu, double dragon, tetris...

What are u doing? WHAT?

Never. EVER. Blow in the cartridge.

You can say the N word without consequences lol

Why in the hell are those Nintendo screwdrivers not called... the TriForce, or Triforcer

Nice thumbnail, NOP slide

👏👏👏👏👏

lol @ intro

Where i can buy 16mb chip to replace 1mb any website?

But does it run DOOM properly?

Watch your back, stacksmashing. I hear Nintendo stalks people.

0:17 NNNNNOOOOOOOOOOOOOOO!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Wie viele deutsche ich einfach ohne es zu wissen abonniert hab, lol.

nintendo copyrighter is a synonym for homosexualist

what is the max flashupgrade size?

when u going to sell these hacked game and watch??you will make a lot of money selling these modded systems

Now this is definitely a ppggers moment

Hast du zwischen 3:40 und 4:10 gesagt DHL hat es zu dir geliefert? Das bedeutet du wohnst in Deutschland und bist höchstwahrscheinlich auch ein Deutscher oder? Nice Sache Dude

Eould it be possible to in stall this game list. Arcade mario bros., Game and watch gallery 3 or 4, legend of zelda, and finally Donky Kong 3. I Believe those games would be most accustomed and authentic to the unit build.

vor diesem Video dachte ich, du wärest ein Amerikaner

Guys plz tell me is this important? Is it a breakthrough or what guys tell me whats happpenin.... can this work on current gen?

Nice, but a better challenge would be hack the XBox One... many years passed and defeated all hackers! ;)

Why did you blur the consoles screen?

I can't believe it took 2 minutes to get the video started. Please shorten your intros should be 30 seconds or less (like 10-15 is best)

1st

You didn't have a Nintendo did you? It didn't do that when it crashed at all..
This new era is strange. .
Leave the old days alone..
It hurts my eyes and ears.
Wiki is full of crap at times because manufacturers need to protect themselves against certain laws that have been made over time etc tax etc

Pog