8. Skip to content

8. Auth V2

Danger

Auth V2 is legitimately good. If you’re here because you want to try and understand the protocol to attack it, I can save you some time: you can’t. With that out of the way, back to the article

Note

Auth V2 requires an non-Lv3 keychip (that is, equipt with an A7 security processor rather than N2) running at least firmware 2.10

Auth V2 (aka auth20) is a multi-step authentication process wherein the server performs a challenge-response process against the keychip using a nonce.

8.1 High level: What is Auth V2?

Standard ALL.Net authentication uses the store IP address and keychip serial number to authenticate the client.

Auth V2 solves a number of problems:

  • A legitimate keychip must be present, regardless of software modifications performed to the arcade machine
  • The keychip needs to be able to validate the server’s identity
  • The server needs to be able to validate the keychip’s identity
  • Games need a way to validate the initialisation data (importantly, the game server URI)
  • No part of the protocol can be vulnerable to replay attacks

All cabinet-side processing of Auth V2 is performed within the keychip, and all communication is encrypted in transit. The keychip drivers serve as a proxy, and perform no other processing. The required functionality for this was added in firmware version 2.10.

The keychip presents the server with a nonce, which the server is expected to encrypt with a key (called the “server key”) and return encrypted to the keychip. Using this, the keychip is able to validate the authenticity of the server. The keychip will then encrypt a nonce the server sent with a key (called the “keychip key”), which is returned to the server. The server validates this data, and finally returns standard initialisation data, however additionally includes a signature that games can use to validate its authenticity.

While the cryptography used is symmetric (AES) and requires pre-shared keys, these keys are stored within the security processor on the keychip and cannot be extracted.

Shared knowledge of the unique keys is required for authentication to be possible. The keys are different for every keychip.

The keychip first validates the server’s authenticity before encrypting the nonce to reply to the server. For this reason, a malicious request cannot be made to the keychip requesting it encrypt a nonce to then be used against a legitimate server. The auth server challenge nonce is generated internally in the keychip, and contributes to the final 16 bytes of the packet, the encrypted form of which is used as the communication IV. As such, replay attacks are not possible.