What happened with SNES CIC reverse engineering?
Good point, MottZilla. I guess those counterfeit cart sellers are up to a quick buck without much of a production hassle. Not being one of them, I can but speculate about their motivations, though.
Anyway, the SNES CIC clone is quite possibly the best solution for homebrew cart projects intended to run on all hardware without restrictions, such as the PowerPak, the Neo Myth cart or the multi-region hardware test cart I'm working on.
So, once I get my hands on a 12F629, I'll try this out. Thanks again, ikari_01!
MottZilla wrote: I doubt this will be used for bootlegs. Bootlegs still need a PCB, which generally comes with a CIC anyway.
That's like what I was thinking, except that you need cart cases as well. Anyone could afford PCBs, but the setup cost alone for making cart cases requires selling an unrealistic amount of a single homebrew game to break even.
With this PIC code you could make new boards of any design you want, use this PIC, and recycle any surplus common carts for their shells. If you want to collect those games as boards, it's free.
It would be cool too if the Powerpak cart shell could be re-purposed for this. If it comes with a big hole for a CF card though, that might be a little odd.
I had kind of wondered about making an SNES port of the Garage Cart series, but I don't think I want to bother with the PPU emulation myself anytime soon and it requires enough reprogramming as it is.
Is there also a lock mode PIC implementation available for use on an SNES mainboard? This would be perfect for a multi-region console allowing playback of games of any region (even SA1 and SDD1 games like Super Mario RPG would work, which doesn't work with most available Lockout-Mods).
How would the current key mode implementation have to be changed to turn it into a lock mode implementation? I have no knowledge about PIC programming, I'm just asking out of curiosity.
From what I can tell, the key is NOT able to tell which lock region it is running on. On the other hand, the lock IS able to tell which CIC key region is currently being used, if programmed right.
When the Lock/Key have initialized their seeds, the Lock sends the lower bits of ALL of its side to the key, and nothing in that changes between regions, so the key is not able to tell, other than by incorrect bits sent.
The Lock sends its 4 bit random value to the key. Bit 0 of that random value is going to already be known when the key sends it back. Next, Bit 0 of the next value, also sent by the key, effectively specifies the region.
Now, a modded console could have the CIC clock source removed, and the lock in the console sends the clock to the key CIC, in effect controlling the timing.
I plan to write some test code to try this out, which will happen once my PIC chips arrive. (one to be programmed with the key, the other to try and communicate with said key.)
Exactly. The lock can autodetect the key region even of an original CIC. Manipulating the clock is not really necessary though, there is still plenty of time between the bit transfers to check the key region and do other things.
The only part that was a little tight is the hash calculation, though there are still 18-20 cycles left per iteration.
OK, I've updated the archive with a lock implementation.
This implementation autodetects the key region and switches behavior accordingly.
There is no status pin anymore because all 6 I/O pins of the 8-pin package are now used for actual CIC signals.
Note that it never disables the console, even if the key CIC is missing, except when the RESET button is pressed on the console. That way CIC-less cartridges can be supported while maintaining compatibility with cartridges that demand a working lock CIC, such as S-DD1 or SA-1 enabled games.
The lock code can also be reassembled to run on a 12F609 as no EEPROM is required. Maybe some register has to be renamed or removed.
ikari_01 wrote: I don't have an SA1 cartridge but I'll test with Star Ocean shortly. It does work with plain key CICs.
I'm not sure what the deal is with the SDD1. The SA-1 games are what I recall being impossible to run without the proper NTSC or PAL system with a working CIC.
Uhh, what was the S-DD1 failure mode for missing CIC again?
Right now it seems to run perfectly on my modded SNES without the PIC.