It is currently Sun Oct 22, 2017 3:13 am

All times are UTC - 7 hours





Post new topic Reply to topic  [ 68 posts ]  Go to page Previous  1, 2, 3, 4, 5  Next
Author Message
 Post subject:
PostPosted: Wed Aug 10, 2005 6:54 am 
Offline

Joined: Wed Feb 09, 2005 9:31 am
Posts: 418
Memblers wrote:
Yep, that much we do know. I'd heard of the FDS's security chip, but never stopped to think it was this same CIC also.

The most useful thing to see now in the chip itself is the differences between the program for different regions. Could be useful, in the hopes that the program is pretty similar. As it is now, we don't really know how the memory rows/columns are decoded. So it's hard to even start trying to guess the instruction set.

The best thing would probably be to look at Tengen's chip. Supposedly it's core was done by Motorola, so it'll be something pretty different at least.

People have figured this stuff out before.. I know some Game Doctors and probably other SNES copiers had CIC clones in them.


Was Nevistki's reading of the CIC ROM successful? I thought the CIC chip also contained a common embedded CPU for running the ROM code, like a PIC but different make/model. Why not just buy that chip and burn the CIC ROM image to it for homebrew carts?


Top
 Profile  
 
 Post subject:
PostPosted: Wed Aug 10, 2005 9:27 am 
The reading was successful (sort-of), but the CPU type is *not* known. Netviski read the bits out of the memory, but doesn't know for sure how they arrange into bytes, and in what order. If we knew the CPU type, we could try a number of likely orders until we got a program that seems reasonable and then transcode that to e.g. a PIC.


Top
  
 
 Post subject:
PostPosted: Wed Aug 10, 2005 11:32 am 
Offline

Joined: Wed Feb 09, 2005 9:31 am
Posts: 418
Anonymous wrote:
The reading was successful (sort-of), but the CPU type is *not* known. Netviski read the bits out of the memory, but doesn't know for sure how they arrange into bytes, and in what order. If we knew the CPU type, we could try a number of likely orders until we got a program that seems reasonable and then transcode that to e.g. a PIC.


Damn, well, is somebody still actively trying to figure out the remaining details? Maybe just a trip to the patent office to figure out what the instruction set is or the chip? If the CIC could be emulated with an ultra-cheapy PIC, that would open the door for homebrew carts made entirely out of new custom parts.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Aug 10, 2005 1:09 pm 
Offline
User avatar

Joined: Fri Nov 12, 2004 2:49 pm
Posts: 7234
Location: Chexbres, VD, Switzerland
Jagasian wrote:
Damn, well, is somebody still actively trying to figure out the remaining details? Maybe just a trip to the patent office to figure out what the instruction set is or the chip? If the CIC could be emulated with an ultra-cheapy PIC, that would open the door for homebrew carts made entirely out of new custom parts.

Yeah, that would be really great. I ask myself what would be the difference between new CIC and old CIC like Memblers said. I personately didn't have any problem for both consoles I've on the hand.
Scince old games should be compatible with new consoles and new games should be compatible with old consoles, the new CIC can't be really much more different than the old one.
Would it be possible to manually clock a CIC and check all the outpouts of a CIC when it's in LOCK, then KEY, then try to make them to matches to unlock the "sequel" of the CIC comminication part, etc... in order to know wich value should each outpout take to each clock edge ? That wouldn't be more complicated to use a microscope or something.

_________________
Life is complex: it has both real and imaginary components.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Aug 10, 2005 3:53 pm 
Offline
Site Admin
User avatar

Joined: Mon Sep 20, 2004 6:04 am
Posts: 3470
Location: Indianapolis
Bregalad wrote:
Would it be possible to manually clock a CIC and check all the outpouts of a CIC when it's in LOCK, then KEY, then try to make them to matches to unlock the "sequel" of the CIC comminication part, etc... in order to know wich value should each outpout take to each clock edge ? That wouldn't be more complicated to use a microscope or something.


Yeah, it's been done. The data stream is mostly a lot of zeros, with some ones thrown in occasionally. A couple problems: there's several different sequences (unknown how one is agreed upon), and they're much too long to simply play back.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Aug 10, 2005 4:02 pm 
Offline

Joined: Wed Feb 09, 2005 9:31 am
Posts: 418
Memblers wrote:
Bregalad wrote:
Would it be possible to manually clock a CIC and check all the outpouts of a CIC when it's in LOCK, then KEY, then try to make them to matches to unlock the "sequel" of the CIC comminication part, etc... in order to know wich value should each outpout take to each clock edge ? That wouldn't be more complicated to use a microscope or something.


Yeah, it's been done. The data stream is mostly a lot of zeros, with some ones thrown in occasionally. A couple problems: there's several different sequences (unknown how one is agreed upon), and they're much too long to simply play back.


If they are mostly zeros, wouldn't it be easy to record and playback the sequences? Just record the number of zeros between ones.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Aug 10, 2005 5:03 pm 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19115
Location: NE Indiana, USA (NTSC)
Jagasian wrote:
If they are mostly zeros, wouldn't it be easy to record and playback the sequences? Just record the number of zeros between ones.

Sure, RLEing the sequences might work, unless the sequences are several million steps long. Something based on a 32-bit LFSR might have a period of billions of units before it repeats.

The difference between the "old CIC" and the "new CIC" lies mostly in some input protection (diodes etc) to prevent the -5V trick from working.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 11, 2005 12:42 am 
Offline
User avatar

Joined: Fri Nov 12, 2004 2:49 pm
Posts: 7234
Location: Chexbres, VD, Switzerland
tepples wrote:
Sure, RLEing the sequences might work, unless the sequences are several million steps long. Something based on a 32-bit LFSR might have a period of billions of units before it repeats.

Sure, it would be impossible to do this with a squence that's THAT long, but who tells you it were that long ? It may be short as well.

_________________
Life is complex: it has both real and imaginary components.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 11, 2005 8:15 am 
Because people have recorded hours of data (far too big to fit in anything affordable), and never seen the damn thing wrap around?


Top
  
 
 Post subject:
PostPosted: Sat Aug 13, 2005 12:48 am 
Offline
User avatar

Joined: Fri Nov 12, 2004 2:49 pm
Posts: 7234
Location: Chexbres, VD, Switzerland
I just got a better idea. By producing NES adaptator similar to the SNES AD-29 adaptators, it would be easy to bypass the lockout. That would need to have one male 72-pin connector, that would connect inside the NES, connected itself to a flat cable going out of the NES itself. Then, the flat cable would about on another unit, with two 72-pin female connectors. The first slot would connect to VCC, GND and all other pins into the NES exept the security ones. The segond slot would connect only to the VCC and GND that the lockout chip needs, and also connect to the security lines. So the user just have to insert that device in his NES, to insert the homebrew cartidge in slot A, and to insert any of his licenced cartidges in slot B.
That would also work as a USA/Europe adaptater, scince you can insert a US game in slot A and a PAL game in slot B to run an american game on an european NES and vice versa.
Well, the problem is that would need to produce lots of them with pattents and stuff, before begining to actually sell homebrew games.

_________________
Life is complex: it has both real and imaginary components.


Top
 Profile  
 
 Post subject:
PostPosted: Sat Aug 13, 2005 10:10 am 
Offline

Joined: Wed Feb 09, 2005 9:31 am
Posts: 418
Bregalad wrote:
I just got a better idea. By producing NES adaptator similar to the SNES AD-29 adaptators, it would be easy to bypass the lockout. That would need to have one male 72-pin connector, that would connect inside the NES, connected itself to a flat cable going out of the NES itself. Then, the flat cable would about on another unit, with two 72-pin female connectors. The first slot would connect to VCC, GND and all other pins into the NES exept the security ones. The segond slot would connect only to the VCC and GND that the lockout chip needs, and also connect to the security lines. So the user just have to insert that device in his NES, to insert the homebrew cartidge in slot A, and to insert any of his licenced cartidges in slot B.
That would also work as a USA/Europe adaptater, scince you can insert a US game in slot A and a PAL game in slot B to run an american game on an european NES and vice versa.
Well, the problem is that would need to produce lots of them with pattents and stuff, before begining to actually sell homebrew games.


That is probably a better idea, as long as it could be cheaply produced. Then an organization like Membler's industry could sell the adapter as well as homebrew games. All of which are made from custom parts. If you want to play the games and you don't have a modded system, then of course, you will need to get yourself an adapter.


Top
 Profile  
 
 Post subject:
PostPosted: Sat Aug 13, 2005 11:30 am 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19115
Location: NE Indiana, USA (NTSC)
Better yet, why not just have the homebrew community standardize on the Famicom form factor and then make a T-connector that accepts a licensed NES cart and a Famicom cart?


Top
 Profile  
 
 Post subject:
PostPosted: Sat Aug 13, 2005 2:37 pm 
Offline
Site Admin
User avatar

Joined: Mon Sep 20, 2004 6:04 am
Posts: 3470
Location: Indianapolis
What Bregalad describes sound kinda like what HES used.
http://www.consoledatabase.com/companies-organisations/hes/

OTOH, it is very tempting to just switch over to Famicom format. Only problem is that hardly anyone around here has a real Famicom, and all the clones kinda suck in various ways.

I'm trying to imagine what a T-connector would look like for the front-loader, and it isn't very pretty, heheh. Woah, here we go, linked to from that last page: http://www.consoledatabase.com/accessories/nes/hesunidaptor/index.html
Looks pretty expensive to make.


Top
 Profile  
 
 Post subject:
PostPosted: Sun Aug 14, 2005 12:49 am 
Offline
User avatar

Joined: Fri Nov 12, 2004 2:49 pm
Posts: 7234
Location: Chexbres, VD, Switzerland
Memblers wrote:
What Bregalad describes sound kinda like what HES used.
http://www.consoledatabase.com/companies-organisations/hes/

OTOH, it is very tempting to just switch over to Famicom format. Only problem is that hardly anyone around here has a real Famicom, and all the clones kinda suck in various ways.

I'm trying to imagine what a T-connector would look like for the front-loader, and it isn't very pretty, heheh. Woah, here we go, linked to from that last page: http://www.consoledatabase.com/accessories/nes/hesunidaptor/index.html
Looks pretty expensive to make.

Yeah, it's just what I was thinking about, I've a similar adaptator on my SNES and I just say to myself what it wouldn't work fine on the NES. The thing is simpler on the SNES because Jap games and USA games have exactly the same pinout, but different pattent, so I can play PAL games as well than USA and Jap games on my SNES.
It would be pretty expensive, but less expensive than a homebrew cartidge scince no circuitery is needed, only pattent, flat cables and connectors.
Well, about the Famicom format, that wouldn't be stupid scince Famicom cartidges doesn't have any CIC, but someone with a toploader or a NES without lockout chip would need a FC2NES adaptator to have it working.
Better yet, design our own own format so people would be forced to buy the adaptator. That would be totally crap and stupid, but those kind of methods are typically the ones that Nintedo uses a lot.

_________________
Life is complex: it has both real and imaginary components.


Top
 Profile  
 
 Post subject:
PostPosted: Sun Aug 14, 2005 4:12 am 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19115
Location: NE Indiana, USA (NTSC)
Memblers wrote:
I'm trying to imagine what a T-connector would look like for the front-loader, and it isn't very pretty, heheh. Woah, here we go, linked to from that last page: http://www.consoledatabase.com/accessories/nes/hesunidaptor/index.html
Looks pretty expensive to make.

I was imagining something more like the Unidaptor MkII, except with a 60 pin connector (for PRG and CHR buses) on top and a 72 pin connector (for CIC passthrough) on the bottom.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 68 posts ]  Go to page Previous  1, 2, 3, 4, 5  Next

All times are UTC - 7 hours


Who is online

Users browsing this forum: Bing [Bot] and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group