This is amazing. The video avoids overly technical language and basically explains the whole process of reverse engineering. I think this is the best explanation of reverse engineering I've seen in a long time.
Micah Scott's toastermelt videos are another great example of reverse engineering workflow/techniques. More technical and detailed but still very accessible.
Wow. I certainly hope someone with a lot of power over company culture at, say, Apple is watching this. And that they get inspired to think about cultural preservation.
I really think it should be a standard act of corporate responsibility and platform stewardship to make it so that work like that of Professor Abrasive's is not the only spare key we have to current culture a few decades down the road. We as a global culture just might be really, really lost and bereft of history if that were to be the case.
I frankly think that Apple under Tim Cook is in a historically unique position of making cultural preservation of games and software feasible and something built into the whole social and legal contract of proprietary, locked down platforms. It's not like Sony is going to lead the way with the PlayStation?
I mean, to really make preservation legit, there needs to be some sort of useful official emulation and data extraction capability down the road. For all we know now, there might be terrible legislation that prohibits reverse engineering in a lot of jurisdictions.
There are of course a lot of problems to solve, with all the crypto and stuff, and licensing, but someone should be on this. Especially since software distribution is becoming all ephemeral and download based! Not to mention the cloud fragmentation of personal data.
To fix it, people should stop using DRM. Or as a first step to repeal crooked corrupted laws which declared breaking DRM illegal even for legitimate purposes.
Yes, there will be a day when nobody is using iPhones anymore. Hopefully our ancestors will still be able to run some of the apps in the future. Social media apps are of course thin clients.
One of the nice things about Apple's review / publish system is that it encourages multiple parties to keep release binaries around. Both parties will need them in case there's ever an allegation of malicious or dangerous code.
Also app-specific DRM is unnecessary AFAIK, so that will avoid common problems.
I can't wait for him to start selling these! I would buy one in a hot minute. My Saturn is collecting dust and there are so many games I just can't get my hands on for my Saturn, and emulation in my experience hardly works. It's way too weird a machine.
In case it helps, there is actually a very low tech solution to booting copied games on Saturn hardware that works with the vast majority of games released (especially expensive/rare/hard to find games like the Treasure releases).
Tape/wedge the drive lid sensor down, power up with a real game in (you don't need to close the lid as the sensor believes the lid is always shut) and allow it to do the initial copy protection check on your real disc.
At this point it stops the disc for just less than a second - just enough time to pull the real disc out and swap in a CD-R. It takes a little practice and can potentially damage the drive motor if your timing is frequently poor.
Games this won't work with are those spanning multiple discs where you need to swap discs in game to progress.
You can already buy the Saturn Rhea. It is pretty much the same thing except SD based and it replaces the CD drive. I have one and absolutely love it. It's honestly the best retro gaming purchase I have made in a very long time.
I think that's both why they were so expensive back in the day AND why it was so hard to develop on (all I have -ever- heard about developing games for that platform).
Does anyone know how you go from a PCB to a product? I've made PCBs before, but I wouldn't know where to begin to make it into a product that I can sell to people...
I'm so so glad he mentions archiving in this video - I don't think enough thought has been given to the impact of DRM on museum collections in 10-50 years.
I'm going through this as a relatively new PS Vita owner. Sony decided to go with proprietary game cartridges, proprietary memory cards, and DRM'd digital distribution. Despite the quality of the games and hardware, the system didn't do well commercially and it appears Sony has lost interest in the system and its sibling PS TV/Vita TV.
There are a lot of great games (including PS1 and PSP games) for the system, but once the hardware dies or the download servers are shut down, what is left for people who still want to play these games?
In the back of my mind I've been thinking about what digital consumer rights look like. It seems like this point in history has laws that favor publishers more than consumers or the public good.
There's actually a very large collection of Saturn game archives at archive.org. They're MESS-compatible CHD files (I wish other emulators would support it, it's a good way to handle large drive copies), but it's a fairly good collection.
Maybe a condition of copyright should be that you submit the unrestricted media to Library of Congress, and it gets released upon expiration of copyright.
These crazy reverse engineering projects kind of make me feel insecure about my own abilities, as weird as it sounds.
I wonder if I would have been able to come up with the same solution if I worked at it. My fear is that I would not, but who knows.
A lot of it is purely analytical, but there is a portion that relies on pure creativity and problem solving abilities.
I understand the process he went through as well as the technical details behind it, but following along is much easier than looking at a circuit board with a blank face, wondering where to begin.
I spent the last 2 hours last night just reading about Sega Saturn…
He mentions archival as a motivation but can we trust the rest of the hardware to last more than a few decades? Isn't emulation the real archival solution?
As I think I mentioned, that's been another major outcome. I've been working with Yabause developers both to improve their HLE of the CD block, and to implement full low-level emulation using dumped ROMs.
It would be, but cycle-perfect emulation is very difficult and costly. Higan (formerly bsnes) manages it with SNES emulation and it requires a CPU with a clock rate over 3GHz. I remember reading the N64 would require a 10GHz CPU to emulate with 100% archival accuracy.
Long story short, it is the real solution, but it's not a practical one by any means.
Yes. In general there are two real paths to long-term archival of games: emulation and reproduction.
Emulation is the best possible path IMHO since it enables the games to be played (and experienced) on pretty much any hardware. I think this work may do quite a bit to help in that area, there's really no reason the Saturn isn't nearly perfectly emulated these days.
Reproduction is the next best and much harder than emulation. Basically figuring out how to build the hardware again. There are several versions of this with much older hardware (C64, 2600, etc.) with new hardware being produced that can run the old software natively. There are also "lesser" versions that use modern CPUs, etc. to run the code basically also in emulation, but this is not the same thing. However, reproduction is both technically more difficult and has a smaller audience who's willing to add yet another machine to their collection to see old games.
Also, MESS's emulation is not too terrible. I was pretty surprised with how many games worked under it.
Long term, yes, but the CD drives on these things die decades before the ROMs and processing hardware. He had mentioned in the video that he was surprised that the solid state laser died so soon, but I was under the impression that it's almost always the drive motor that's the first to go.
Personal archiving is allowed under USC's Fair Use terms AFAIK whilst emulation isn't; might just be legally protective wording (or an attempt at that).
As a Sega fanboy, this makes me happy. That copy protection scheme (outer ring spiral) is quite something. I find it amusing that Sega went with yet another proprietary disc format for the Dreamcast (GD-ROM) and that system is able to load homebrew code from any CD-R / CD-RW without any modifications to the hardware.
Yeah, that is something. They thought better hardware protection was unnecessary because they believed in the strength of their software solution (which was quickly cracked)? The games could be larger, so that CDs could not fit them without changes. IIRC early Soul Calibur burns had their music down-sampled to fit 650 MB. And was it Skies of Arcadia that really did have too much content to fit on a CD, without serious changes?
Also, you mention CD-RW, but IIRC you could not boot off CD-RW, only CD-R. Or maybe that was the softmodded Xbox?
> That copy protection scheme (outer ring spiral) is quite something.
Yeah about that, I don't get it. Is there data hidden in that spiral that acts as a checksum for the CD or something? Or is it of special material that lights up differently under certain light (like money)?
To me it doesn't look that hard to duplicate a simple spiral, but then I know nothing about it.
The PlayStation also had a trapdoor Parallel I/O port exposing the raw address/data bus; it was meant for network interfaces, debugging (PSY-Q) and stuff (ActionReplay/GameShark). The great thing about that port is that you can hang your own ROM there and the console will execute it while booting, no code signing/DRM crap.
AFAIR, at the beginning PSIO patched the original firmware, replacing all CD routines with its own, but later in the project it was discovered that a lot of games talked straight to the hardware, ignoring Sony's requirements to use BIOS routines. This is why the current version comes with a small board you need to solder inside to reroute chip select signals from the CD controller chip - PSIO emulates that chip completely. You still get data faster than from CD due to no seek times. https://www.youtube.com/watch?v=Wc3rOb7Evxc
The problem with a lot of the modchips is that the companies behind them are secretive (leading to loss of knowledge when they close) and they're just so damn expensive.
Why is this being downvoted? I think it is perfectly reasonable to ask for a TLDR on a 30 minute video.
Anyway, the basic story is that the Saturn had copy protection in the form of physical marks on the copy protected CDs. This puts a huge barrier to entry on homebrew and the like, so a guy going by Dr Abrasive tried to reverse engineer a way around that. He first looked into a way of disabling the copy protection on the CDs to allow burned CDs to be used but that proved too difficult.
He eventually hit upon the fact that the Saturn had an external module that could be added to allow the system to play video CDs. He then built a component to take advantage of that fact and feed in his own commands through this interface, thereby avoiding the copy protection entirely. This allowed content to be run from USB sticks without the need for CDs at all, lowering the barrier to entry even more. It also helps work around mechanical failure of the CD drive, which is becoming a common problem for the 20-year-old hardware.
So now if you have this custom built component, you can take an off the shelf system and start running code from a USB stick without any soldering, hacking, or modification at all beyond plugging the device into the back of the console.
He dumped the ROM of the Saturn CD-ROM module's CPU, reverse engineered the OS in it, and discovered a developer mode which allows the Saturn to read non-protected CDs but requires a special protected CD which nobody has. He then turned his attention to the slot for the Video CD decoder card, discovered that this card can send additional encrypted code to the CD-ROM module's CPU, and created a replacement for the CD-ROM module as a card for the Video CD decoder slot, which allows loading CD images from USB mass storage devices connected to its USB port.
>I, myself, am not going to release these ROMs. This isn't the first project where I've dumped a commercial object for some other purpose and been asked to share (see: shairport, for one), and after much thought I conclude - now, as then - that it's not the right thing for me to do in any project. There are legal and professional risks which I'm just not comfortable taking. That's not negotiable.
>But that's not to say I won't help you dump it yourself. I'll have a dump feature in the cart, and I'm sure someone will rapidly archive all the available systems.
Not to discount this as it's very impressive work. But replacing CD drives with SD/hard drive based solutions is becoming pretty common. For the Dreamcast there is the GDEmu[0], and the Saturn already has the Rhea and Phoebe[1] (basically the same thing, each is for slightly different models of Saturns).
The Playstation also has one, the ps-io[2]. I'm really hoping for someone to step up and do the PC Engine, Neo Geo CD, Sega CD and 3DO.
I'm glad someone else out there digs the Sega Saturn because I always felt left out being into Sega games while the rest of my friends were Nintendo kids all the way.
They probably have contractual restrictions - agreements to help fight against unauthorized copying, or to protect the copyrights of people who create games on the system.
And in general, most console systems are a serious bundle of hacks, mostly tolerated by programmers by the sole fact that you can rely on every system to be identical.
Sega wasn't losing money on the Dreamcast, but they weren't making money either. Sega's exit didn't have to do with sales; they chose to exit the console market because there was more money if they focused on games and less on hardware.
You certainly didn't know the history of Sega or the Dreamcast if you think it died because of piracy.
...with that thinking then the Saturn would have been an ultra success.
It was impossible to find anyone capable of producing CDs with the wobble when the Saturn was alive. Finding somebody capable today would be possible, but it wouldn't be very profitable because it's a dead system.
If a new console used the wobble/burst then surely you'd be able to order these CD-Rs from Alibaba..
I was just thinking about the Saturn at a nerd memorabilia store, as this was the one system I saved my money up to buy at 11 years old. What an utter disappointment of a system (in terms of games), but what a great hack. Makes Dreamcast hacking look like Lego Logo.
The Saturn had great games, what are you talking about?
Maybe it didn't have all those games your schoolmate was playing on his PlayStation, but that doesn't take away from some of the great games it did have.
I am not good with electronics tbh, but why is it not possible to MITM the connection between the CD drive and the motherboard? As far as I can see from the 'swap disc' technique, the outer protection track does not change depending on the game.
You can. That's what traditional modchips do, and there's the Rhea/Phoebe which completely emulates that drive via that interface.
Of course, if you sit at that point in the system you have a different set of problems and capabilities. Much easier to build hardware for, but no data output, and of course you need to disassemble the console to get there in the first place.
I was thinking about controlling an outside door unlock button by MITMing the electrical cables going out of it, but realized I have no idea how to go about it. I just need to generate the same signal... I thought maybe someone reading this could have some pointers.
Possibly stupid question: why didn't some enterprising person figure out how to produce CD-Rs with the copy protection wobble track? Is the market too small vs the cost of required equipment? Would it have been illegal?
"I hope this lays the matter to rest, and prevents anyone from wasting more time on it (like my day burning useless discs). I'm sure someone will wave their hands around and say that custom burner firmware could do the job, but good luck finding a burner with a programmable DSP in the pregroove tracking loop and managing to modify it to do the job."
It may interest folks to know that all Sega Saturn games have their audio encoded as plain old CD audio tracks. You can put your Sega Saturn disc into any old CD player and play all of the music tracks.
You can also rip a Sega Saturn CD in your computer. I particularly enjoy the music from Sega Rally Championship and Virtua Fighter 2.
Many, but certainly not all. Red Book audio (along with tons of grainy low resolution FMV) was more common in the earlier days of the CD-ROM, when creators were trying to justify the format but hadn't figured out more interesting ways to make use of the space.
Wow! THIS is what hacking looks like. These days the term seems to have been muddled and interchanged with "programming". True art of reverse engineering something you don't have a full manual for (and can't ask StackOverflow).
http://www.fixthedmca.org
Breaking DRM is like finding a cure for insanity ;)
Well said.
Achieving this did not require fully reverse engineering the CD-ROM controller, but it is great that someone did.
http://assemblergames.com/l/threads/saturn-cd-block-rom-dump...
Original work from 1999 http://web.archive.org/web/19990220052039/http://www.geociti...
GameCube has IDE-EXI, same thing: http://www.gc-forever.com/wiki/index.php?title=Ide-exi
[0]https://gdemu.wordpress.com/about/
[1]https://gdemu.wordpress.com/installation/rhea-installation/
[2]http://ps-io.com/
You might be interested in the Turbo Everdrive from http://krikzz.com/
Not to mention that all the relevant information may not exist anymore, or is in a storage facility somewhere growing mold.
I applaud crazy fuckers like you. The world needs more of you.
Well done sir.
These days my interest in game cracking is mainly for archival purposes. (are you going to be able to play this game in 50 years?)