[gwbas1c]

> SEGA engineers knew that MIL-CD booting could be used as an attack vector so they added a protection.

> The mashed potatoes problem was solved when a Katana SDK (the official Sega SDK for the Dreamcast) was stolen[6] by the hacking team "Utopia" in late 1999. It turned out that the scrambler was nothing more than "security through obscurity".

I doubt this was security through obscurity. Most likely, it was hard (or impossible) to burn a GD-ROM for internal testing. Thus, this mechanism was probably used to burn games onto CDR for internal testing.

I haven't seen anything that explains how scrambling and descrambling work; but it's important to understand that, at a certain level, all encryption is "security by obscurity." It just comes down to how easy or hard it is to figure out how to bypass. In this case, hacking to get ahold of the scrambler is no different than getting ahold of the private part of a key pair.

Edit:

> SEGA quickly released a DC v2 which disabled MIL-CD altogether but unfortunately damage had been done. With revenues plummeting and the PS2 ogre coming out, developers abandoned the Dreamcast and SEGA retired from the hardware manufacturing business in order to focus on software.

I also wonder if disabling this system was "the straw that broke the camel's back?" If I were a developer and it suddenly became much harder to test, I'd probably think very critically if it's "worth it" to jump through so many hoops for such a small market.

[benchaney]

> I haven't seen anything that explains how scrambling and descrambling work; but it's important to understand that, at a certain level, all encryption is "security by obscurity." It just comes down to how easy or hard it is to figure out how to bypass. In this case, hacking to get ahold of the scrambler is no different than getting ahold of the private part of a key pair.

This isn’t true at all. There is a very significant fundamental difference between obscure information and secret information. Obscure information is by its nature known to many people. There are likely hundreds (if not thousands) of engineers who had access to the code or design documents that describe the scrambler. Information about it was probably given to sales people and representatives at other companies, and transmitted insecurely over a variety of communication mediums. Compare that to secret information, which is known only to the parties using it to authenticate.

Perhaps you could argue that in this case, security by obscurity was not the reason that the system failed, but that isn’t the same as saying all encryption isn’t security by obscurity.

[ThrowawayB7]

> Most likely, it was hard (or impossible) to burn a GD-ROM for internal testing.

Not at all. Sega had a GD-ROM burner that could be attached to the Katana devkits that worked with Sega-issued media. Remember, there were no hard drives in consoles back in those days so getting the disc layout right so that the game had reasonable loading performance was important.

My memory is admittedly a bit fuzzier here but I also seem to recall that these burned GD-ROMs were normally only bootable on the devkit but could be run on a retail Dreamcast by using a special "system disk" beforehand.

[fredoralive]

Nope, GD burners existed[1], and there are a couple of legitimate "MIL-CD" releases. It was a weird multimedia thing that went wrong, not a dev tool.

[1] https://segaretro.org/GD-Writer

[vernie]

Sega's dev kit included recordable GD-ROM discs and a drive that could write to them.

[taco_emoji]

> all encryption is "security by obscurity."

Sure, I guess, in a sort of pedantic sense, but the point is that a robust cryptosystem must have the "obscure" information as a dynamic input variable, like an encryption key -- if the key is discovered, you discard it and use a new one, and the cryptosystem as a whole is still intact. Moreover, discovery of my key doesn't make your encrypted data any less secure.

If, however, the obscure information is a static, integral component like this scrambling algorithm, then discovery means the entire system is now compromised.