Well that blew up, huh? If you follow emulation or just gaming on the whole, you've probably heard about the controversy around the Dolphin Steam release and the Wii Common Key. There's been a lot of conclusions made, and while we've wanted to defend ourselves, we thought it would be prudent to contact lawyers first to make sure that our understanding of the situation was legally sound. That took some time, which was frustrating to ourselves and to our users, but now we are educated and ready to give an informed response.
@nekusoul I want to add that the mentioned Wii keys was always controversial. Dolphin core is part of RetroArch and the RetroArch team never included those keys, because they knew someday it would only mean trouble. That is why Dolphin is still in RetroArch available on Steam. That’s why the installation of Dolphin core on RetroArch is a bit more involved, because they do it the safe way. Glad this project will continue to exist.
In the article they actually state they believe it is actually better to have the keys included and not rely on some method of inserting them.
After this situation blew up, we received many requests, and even some demands, to remove all Wii keys from our codebase. We’re disappointed that so many people on YouTube and social media didn’t even consider that maybe the team had done their research and risk analysis before including the keys, and just assumed that now that it was “pointed out to us” we would remove them. However, we do not think that including the Wii Common Key actually matters - the law could easily be interpreted to say that circumventing a Wii disc’s encryption by any means is a violation. As such, it is our interpetation that removing the Wii keys would not change whether the exemption in 17 U.S.C. § 1201(f) applies to us or not.
In fact, we think that offloading decryption tasks onto a potential 3rd party application would make the situation worse for everyone. As such, we believe leaving the keys as they are is the best course of action.
@Creesch Not everyone agrees with this approach. That’s why it is controversial. But fact is, it is a risk to include the keys for anyone hosting the emulator, until it’s crisp and clear decided by court or by Nintendo. Until then we (the community), or the dev team, nor any lawyer knows with certainty if this is allowed or not. And that is the problem; we don’t know.
Fyi, you don’t need to ping someone when replying to them ;)
Anyway, yeah I get that it is controversial or already was. But you said it in isolation while the blog post explicitly goes into that choice which I think is important for context.
I know, but I add the id (its automated anyway) because it makes it a bit easier to follow discussion if others reply too. In example the upvotes will change the order (in my view at least) and I would need to scroll up and down to see who the answer was to. Doesn’t matter too much, but if it does not hurt, then I would continue like this. Or does it somehow spam the notification? Then I would reconsider this approach, as my goal is not to annoy anyone.
As for the legal stuff; there is not much else to say for us about the situation.
I don’t know why a few of these emulators require stuff from real hardware in the first place. Bleem didn’t and wasn’t passing around copyrighted material, yet every other PS1 and PS2 emulators I know of require .BIN files dumped from a real unit. This is the main thing behind Dolphin being taken off Steam; they’re distributing a thing that is violating a copyright. Surely there is a way around this Wii key bullshit the same way Bleem was able to operate without an actual playstation BIOS, right?
You can operate without a BIOS if you implement a compatible one from scratch. That’s how IBM PC clones came to exist.
But an encryption key has to be exactly the same as the original, and although I doubt it can be copyrighted, it is definitely a technological protection measure per DMCA.
@Kolanaki BIOS is software that can be rebuild. It’s always better to use the original firmware and BIOS for maximum compatibility. The Wii keys on the other hand are not software you can rebuild. These are key codes to unlock a protection, something like a serial key. So the situation is much different from the Bleem thing.
Would another key work? My guess is no because we’re dealing with encryption and not hashing. With hashing you can theoretically find multiple inputs that make the same output. Also I have no idea how many bits the key is. It can easily go from a “get a community driven distributed computing event to crack it” to “have you heard the one about monkeys and Shakespeare?”
@thingsiplay They would have to know the encryption algorithm to emulate it in the first place, wouldn’t they? Couldn’t you just… Not emulate that part or use it to figure out how to break it easier?
If they don’t emulate that part, they either can’t read games, or they need to require games to be decrypted when dumped, and everyone needs a new set of ROMs
Knowing the algorithm shouldn’t give you advantages for any encryption algorithms with practical uses. There is no point to encrypt otherwise because someone must know the algorithm before they can implement it.
You literally cannot see the contents of the game without first decrypting it. Your internet connection is encrypted, your device is decrypting it with its known keys. You would not see the content of your Lemmy instance if your device didn’t decrypt what it received.
Almost every internet connection you make creates new keys. The miracle of encryption is that two people can stand in a room filled with cryptography experts and yell numbers at each other, and those two people are able to establish a secret between them that nobody else in the room can know, even though everyone else in the room has heard the conversation from the very beginning. Once you share a secret, you expand upon the secret to share more information.
@Kolanaki Cracking encryption is considered illegal I think. The only safe way I see is by providing keys to unlock, without breaking the lock. But I don’t know enough about this material and just speculate around it.
That is what we call an attack, or a vulnerability. It isn’t supposed to happen, and at the point where it does, that algorithm becomes cryptographically insecure and should not be used.
I see what you’re thinking though, as it would be such an old hash that collisions must be known, right?
Well unfortunately, what we are dealing with here is encryption, not hashing, and hash collisions do not apply as an attack vector to encryption.
You could in theory try a cryptographic attack on the encrypted data but then you run into a few other problems:
you’re effectively distributing a DRM bypass tool, expressly forbidden under DMCA
Attacking even the likes of RC4 takes considerable compute time on modern systems
If you do crack it, you legally can’t store it, which compounds problem number 2.
Did you even read the post? They say that they believe that including the decryption key is not violating anything as its only a small portion of the software.
It was taken off Steam because Valve asked Nintendo how they felt about it - Nintendo obviously didn’t like it, so Valve said Dolphin needs to be removed unless they can get permission from Nintendo.
Yup. Although it seems like Nintendo is believing it as well, considering they didn’t already shut the project down years ago. Either that or Nintendo just doesn’t want to risk a second Bleem ruling, legalizing emulation even further.
we do not think that including the Wii Common Key actually matters - the law could easily be interpreted to say that circumventing a Wii disc’s encryption by any means is a violation
Their conclusion is that it doesn’t matter because it might or might not be ok either way.
Dolphin is an independently created computer program that is circumventing Wii disc encryption for interoperability with Wii software. According to this exemption, this does not constitute infringement under 17 U.S.C. § 1201. This exemption even allows distribution of information collected through circumvention, like encryption keys, if it is for software interoperability.
17 U.S.C. § 1201(f) is a significant legal protection for emulation in the US, and it is why Nintendo has yet to legally challenge any emulator with the DMCA anti-circumvention clauses despite the law going into effect 25 years ago. Unless a court rules that our understanding of the law is incorrect, we have every reason to believe that our decryption of Wii game discs is covered by this exemption.
Their conclusion is that they believe that they fit in the exemption clauses of the DMCA and therefore, they are not breaking the DMCA by including a mechanism or the key. They think that the exemption clause might not apply if the key or decryption mechanism was standalone.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !gaming@beehaw.org
From video gaming to card games and stuff in between, if it’s gaming you can probably discuss it here!
Please Note: Gaming memes are permitted to be posted on Meme Mondays, but will otherwise be removed in an effort to allow other discussions to take place.
i was surprised that this was even attempted, but i guess someone would eventually try to
@nekusoul I want to add that the mentioned Wii keys was always controversial. Dolphin core is part of RetroArch and the RetroArch team never included those keys, because they knew someday it would only mean trouble. That is why Dolphin is still in RetroArch available on Steam. That’s why the installation of Dolphin core on RetroArch is a bit more involved, because they do it the safe way. Glad this project will continue to exist.
In the article they actually state they believe it is actually better to have the keys included and not rely on some method of inserting them.
@Creesch Not everyone agrees with this approach. That’s why it is controversial. But fact is, it is a risk to include the keys for anyone hosting the emulator, until it’s crisp and clear decided by court or by Nintendo. Until then we (the community), or the dev team, nor any lawyer knows with certainty if this is allowed or not. And that is the problem; we don’t know.
Fyi, you don’t need to ping someone when replying to them ;)
Anyway, yeah I get that it is controversial or already was. But you said it in isolation while the blog post explicitly goes into that choice which I think is important for context.
I know, but I add the id (its automated anyway) because it makes it a bit easier to follow discussion if others reply too. In example the upvotes will change the order (in my view at least) and I would need to scroll up and down to see who the answer was to. Doesn’t matter too much, but if it does not hurt, then I would continue like this. Or does it somehow spam the notification? Then I would reconsider this approach, as my goal is not to annoy anyone.
As for the legal stuff; there is not much else to say for us about the situation.
In that case, just continue :) I just did happen to notice it but it doesn’t lead to extra notifications or annoyances.
As expected. There really isn’t much to gain to release on Steam given the risk.
I was surprised they did in the first place. Emulators generally want to fly just under the radar
tl;dr of the statement: Dolphin project is not in any danger but it won’t be released on steam.
I don’t know why a few of these emulators require stuff from real hardware in the first place. Bleem didn’t and wasn’t passing around copyrighted material, yet every other PS1 and PS2 emulators I know of require .BIN files dumped from a real unit. This is the main thing behind Dolphin being taken off Steam; they’re distributing a thing that is violating a copyright. Surely there is a way around this Wii key bullshit the same way Bleem was able to operate without an actual playstation BIOS, right?
You can operate without a BIOS if you implement a compatible one from scratch. That’s how IBM PC clones came to exist.
But an encryption key has to be exactly the same as the original, and although I doubt it can be copyrighted, it is definitely a technological protection measure per DMCA.
DMCA is a horrible law and needs to be gutted.
It’s a bit different when encryption gets involved. Unlike the original firmware files, there’s no way around putting emcryption keys in an emulator.
@Kolanaki BIOS is software that can be rebuild. It’s always better to use the original firmware and BIOS for maximum compatibility. The Wii keys on the other hand are not software you can rebuild. These are key codes to unlock a protection, something like a serial key. So the situation is much different from the Bleem thing.
Would another key work? My guess is no because we’re dealing with encryption and not hashing. With hashing you can theoretically find multiple inputs that make the same output. Also I have no idea how many bits the key is. It can easily go from a “get a community driven distributed computing event to crack it” to “have you heard the one about monkeys and Shakespeare?”
@thingsiplay They would have to know the encryption algorithm to emulate it in the first place, wouldn’t they? Couldn’t you just… Not emulate that part or use it to figure out how to break it easier?
If they don’t emulate that part, they either can’t read games, or they need to require games to be decrypted when dumped, and everyone needs a new set of ROMs
Knowing the algorithm shouldn’t give you advantages for any encryption algorithms with practical uses. There is no point to encrypt otherwise because someone must know the algorithm before they can implement it.
You literally cannot see the contents of the game without first decrypting it. Your internet connection is encrypted, your device is decrypting it with its known keys. You would not see the content of your Lemmy instance if your device didn’t decrypt what it received.
Mostly right, but a bit misleading.
Almost every internet connection you make creates new keys. The miracle of encryption is that two people can stand in a room filled with cryptography experts and yell numbers at each other, and those two people are able to establish a secret between them that nobody else in the room can know, even though everyone else in the room has heard the conversation from the very beginning. Once you share a secret, you expand upon the secret to share more information.
@Kolanaki Cracking encryption is considered illegal I think. The only safe way I see is by providing keys to unlock, without breaking the lock. But I don’t know enough about this material and just speculate around it.
Nope. Think of the key like a massively long password. Only that password is going to be able to open the file.
Yeah but in theory multiple passwords can open an account because hashing doesn’t produce unique output.
Actually it does. That’s literally what hashing is supposed to do.
https://en.wikipedia.org/wiki/Hash_collision
That is what we call an attack, or a vulnerability. It isn’t supposed to happen, and at the point where it does, that algorithm becomes cryptographically insecure and should not be used.
I see what you’re thinking though, as it would be such an old hash that collisions must be known, right?
Well unfortunately, what we are dealing with here is encryption, not hashing, and hash collisions do not apply as an attack vector to encryption.
You could in theory try a cryptographic attack on the encrypted data but then you run into a few other problems:
you’re effectively distributing a DRM bypass tool, expressly forbidden under DMCA
Attacking even the likes of RC4 takes considerable compute time on modern systems
If you do crack it, you legally can’t store it, which compounds problem number 2.
Did you even read the post? They say that they believe that including the decryption key is not violating anything as its only a small portion of the software.
It was taken off Steam because Valve asked Nintendo how they felt about it - Nintendo obviously didn’t like it, so Valve said Dolphin needs to be removed unless they can get permission from Nintendo.
Them believing it isn’t the same thing as actually being ok.
Yup. Although it seems like Nintendo is believing it as well, considering they didn’t already shut the project down years ago. Either that or Nintendo just doesn’t want to risk a second Bleem ruling, legalizing emulation even further.
Surely you know more than the lawyers Dolphin got help from.
The lawyers didn’t say “it is ok”.
Their conclusion is that it doesn’t matter because it might or might not be ok either way.
Note that they also say:
Their conclusion is that they believe that they fit in the exemption clauses of the DMCA and therefore, they are not breaking the DMCA by including a mechanism or the key. They think that the exemption clause might not apply if the key or decryption mechanism was standalone.
Flatpak works on Steamdeck.
https://flathub.org/apps/org.DolphinEmu.dolphin-emu