It is currently Sun Sep 22, 2019 12:10 pm

All times are UTC - 7 hours





Post new topic Reply to topic  [ 412 posts ]  Go to page Previous  1 ... 21, 22, 23, 24, 25, 26, 27, 28  Next
Author Message
 Post subject:
PostPosted: Wed May 09, 2007 1:15 pm 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 21595
Location: NE Indiana, USA (NTSC)
We understand the Rabbit microcontroller's machine code. But I haven't seen any effort to understand the authentic CIC's machine code.

_________________
Pin Eight | Twitter | GitHub | Patreon


Top
 Profile  
 
 Post subject:
PostPosted: Wed May 09, 2007 9:26 pm 
Offline
User avatar

Joined: Mon Sep 27, 2004 8:33 am
Posts: 3715
Location: Central Texas, USA
I think the attempt is to understand the common algorithm used by both. Once you've duplicated that, who cares how it's implemented in the real thing?


Top
 Profile  
 
 Post subject:
PostPosted: Thu May 10, 2007 6:24 am 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 21595
Location: NE Indiana, USA (NTSC)
Because I seem to remember seeing microscopic evidence that the Super NES CIC appears to use the same microcontroller as the NES CIC with a completely different program.

_________________
Pin Eight | Twitter | GitHub | Patreon


Top
 Profile  
 
 Post subject:
PostPosted: Thu May 10, 2007 8:00 am 
Offline

Joined: Wed Mar 22, 2006 8:00 am
Posts: 354
blargg wrote:
I think the attempt is to understand the common algorithm used by both. Once you've duplicated that, who cares how it's implemented in the real thing?
AFAIK the algorithm was changed from the NES to the SNES. If the algorithm is indeed the same, however, I can reverse-engineer the keys if I am given a log of the communications between the lock and key (as I have for the regional CICs). Has anyone ever logged the SNES CIC's communication?

_________________
"Last version was better," says Floyd. "More bugs. Bugs make game fun."


Top
 Profile  
 
 Post subject:
PostPosted: Thu May 10, 2007 11:33 am 
Offline

Joined: Wed May 09, 2007 12:45 pm
Posts: 58
From what I've read so far, tengen chip's opcodes are fully understood, and its code reversed. But, the opcodes can be different from NES CIC, thus, making a snes version impossible.
The only solution, in this case, would be to restart everything again, but with NES (or SNES) CIC (as they share the same hardware, but not the same data).
And, what makes it harder, is that tengen chip was reversed quickly after a "debug mode" was found, and not using microscope pictures.
Am I right so far?


Top
 Profile  
 
 Post subject:
PostPosted: Thu May 10, 2007 7:49 pm 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 21595
Location: NE Indiana, USA (NTSC)
But now that we know the 10NES algorithm (from the Rabbit's debug mode), shouldn't that help us find the NES CIC's instruction encoding, and from there to a way to decode the Super NES CIC instruction?

_________________
Pin Eight | Twitter | GitHub | Patreon


Top
 Profile  
 
 Post subject:
PostPosted: Thu May 10, 2007 10:13 pm 
Offline

Joined: Wed Mar 22, 2006 8:00 am
Posts: 354
tepples wrote:
But now that we know the 10NES algorithm (from the Rabbit's debug mode), shouldn't that help us find the NES CIC's instruction encoding, and from there to a way to decode the Super NES CIC instruction?
Before we can do that, we need to know how the ROM bits are arranged (we only have the raw dump, as the bits exist physically, but that doesn't tell us how the bits appear to the processor). I think someone was going to make ROM dumps for the international CIC variants - has that ever happened? If such dumps exist, I wouldn't mind doing some comparisons against the 3193 dump, which would help figure out the bit organization.

Even then, it would by no means be an easy task to figure out the instruction set, as we have no info on the real CIC's technical capabilities. Knowing the algorithm definitely helps, though, and it wouldn't surprise me at all if it can eventually be accomplished.

_________________
"Last version was better," says Floyd. "More bugs. Bugs make game fun."


Top
 Profile  
 
 Post subject:
PostPosted: Fri May 11, 2007 1:30 pm 
Offline
User avatar

Joined: Fri May 11, 2007 12:47 pm
Posts: 119
Location: Guelph, Ontario, Canada
hey i have a couple questions i hope someone can help me with :)

1. the clock divider is by 4 right? 4mhz/4 so 1mhz?
and what speed is the input/output data?

2. i see seeds for 3195, 3196 and 3197 what about 3193 3198?
and the "X" can that nibble be anything? is it a mistake in 10NES?

3. does anyone have a copy of the real CIC binary?
i wouldn't mind seeing it :)

thanks...


Top
 Profile  
 
 Post subject:
PostPosted: Fri May 11, 2007 2:02 pm 
Offline
User avatar

Joined: Fri May 11, 2007 12:47 pm
Posts: 119
Location: Guelph, Ontario, Canada
...


Last edited by jims cool on Wed Mar 24, 2010 10:36 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject:
PostPosted: Fri May 11, 2007 3:30 pm 
Offline

Joined: Wed Mar 22, 2006 8:00 am
Posts: 354
jims cool wrote:
1. the clock divider is by 4 right? 4mhz/4 so 1mhz?
and what speed is the input/output data?

2. i see seeds for 3195, 3196 and 3197 what about 3193 3198?
and the "X" can that nibble be anything? is it a mistake in 10NES?

3. does anyone have a copy of the real CIC binary?

1. The Tengen chip executes 1 instruction every 4 clock cycles, so yes, the instruction execution speed is 1 MHz. It is assumed that the original CIC also works this way, but I don't know if it was ever verified.

As for the I/O, that is controlled by the code. The Tengen ROM was translated to C, so you can check out how it works (including timing) here:

http://thefox.aspekt.fi/Tengen.c

2. The 3193's seed (if I'm reading the Tengen code right - I don't have it in my notes) is as follows:

LOCK: 3952F20F9109997
KEY: x952129F910DF97

The "x" can be any 4-bit value. At the start of execution, the chip inside the NES randomly picks a value and sends it to the chip inside the cartridge. Note that you need to do some math on the transmitted value in order to determine what to use for "x" (see the Tengen source linked above).

The 3198 has not been reverse-engineered. That chip only appears in the Famicombox, and it appears to operate differently from the CIC's used in the NES.

3. The ROM data, as it appears under a microscope, can be seen here:

http://www.nesmuseum.com/10nes/nescicrom.txt

The bits are interleaved, but we don't know how they are arranged.

_________________
"Last version was better," says Floyd. "More bugs. Bugs make game fun."


Top
 Profile  
 
 Post subject:
PostPosted: Fri May 11, 2007 4:41 pm 
Offline
User avatar

Joined: Fri May 11, 2007 12:47 pm
Posts: 119
Location: Guelph, Ontario, Canada
thanks that helps a bunch :D
if the SNES and NES use the same chip with a different code the bits should be in the same order
think I'll look into the NES CIC some more Tengen said they had there chip working before they even had the copyright documents :)
so i wonder if they found out the order of the bits or some how cracked the I/O
I'm thinking they most likely found out the order....


Top
 Profile  
 
 Post subject:
PostPosted: Fri May 25, 2007 7:06 pm 
Offline

Joined: Sun Nov 14, 2004 11:24 am
Posts: 330
I found the patent for the CIC chip:

http://www.google.com/patents?id=81EWAAAAEBAJ


Top
 Profile  
 
 Post subject:
PostPosted: Sun May 27, 2007 7:13 am 
Offline

Joined: Fri Jun 16, 2006 11:24 pm
Posts: 14
Just wanted to congratulate all the gurus here who figured out the NES lockout chip.

Anyone know what protection the Playchoice-10 carts used? (I know they used something to prevent operators from copying NES games to PC10 carts)

Also, did the VS Unisystem have anything other than the custom palettes?


Top
 Profile  
 
 Post subject:
PostPosted: Sun May 27, 2007 7:50 am 
Offline

Joined: Wed Mar 22, 2006 8:00 am
Posts: 354
jonwil wrote:
Also, did the VS Unisystem have anything other than the custom palettes?
Some VS Unisystem games used a different PPU that changed registers $2000 and $2001 around. The PPU also returned a specific value in the unused bits of $2002, which games would check in order to verify they were working on the right hardware. Also, I think some games switched around the controller configurations as well, which would've caused confusion if the wrong game was played on the wrong system. I'm not an arcade expert, though, so I may not remember very accurately.

_________________
"Last version was better," says Floyd. "More bugs. Bugs make game fun."


Top
 Profile  
 
 Post subject:
PostPosted: Sun May 27, 2007 8:06 am 
Offline

Joined: Fri Jun 16, 2006 11:24 pm
Posts: 14
Does anyone know if the CIC chip (or any similar chip) was used for any known Nintendo arcade machine (dedicated, Playchoice 10, VS Unisystem, Nintendo Super System or otherwise)


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 412 posts ]  Go to page Previous  1 ... 21, 22, 23, 24, 25, 26, 27, 28  Next

All times are UTC - 7 hours


Who is online

Users browsing this forum: No registered users and 8 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group