What happened with SNES CIC reverse engineering?

Discussion of hardware and software development for Super NES and Super Famicom.

Moderator: Moderators

Forum rules
  • For making cartridges of your Super NES games, see Reproduction.
User avatar
Jeroen
Posts: 982
Joined: Tue Jul 03, 2007 1:49 pm

Post by Jeroen » Sun Mar 21, 2010 5:31 pm

Memblers: guess we have to get cracking on some snes homebrew huh?

User avatar
Banshaku
Posts: 2329
Joined: Tue Jun 24, 2008 8:38 pm
Location: Fukuoka, Japan
Contact:

Post by Banshaku » Sun Mar 21, 2010 5:51 pm

@Memblers & Jeroen:

Yeah.. Because for now, the only use for the CIC is quite obvious. It will surely spur a lot of wannabe cart makers. But still, if we look at the bright side, maybe someone, someday, can make is own home brew cart more easily.

User avatar
MottZilla
Posts: 2832
Joined: Wed Dec 06, 2006 8:18 pm

Post by MottZilla » Sun Mar 21, 2010 7:30 pm

I doubt this will be used for bootlegs. Bootlegs still need a PCB, which generally come with a CIC anyway. I don't think anyone is going to manufacture new PCBs to produce bootlegs. Not unless they were going all out making tons of them. I doubt that would be profitable though.

orwannon
Posts: 40
Joined: Fri Feb 20, 2009 10:07 am

Post by orwannon » Mon Mar 22, 2010 1:53 am

Good point, MottZilla. I guess those counterfeit cart sellers are up to a quick buck without much of a production hassle. Not being one of them, I can but speculate about their motivations, though.

Anyway, the SNES CIC clone is quite possibly the best solution for homebrewn cart projects intended to run on all hardware without restrictions, such as the PowerPak, the Neo Myth cart or the multi-region hardware test cart I'm working on. ;)

So, once I get my hands on a 12F629, I'll try this out. Thanks again, ikari_01!

User avatar
Banshaku
Posts: 2329
Joined: Tue Jun 24, 2008 8:38 pm
Location: Fukuoka, Japan
Contact:

Post by Banshaku » Mon Mar 22, 2010 3:28 am

For the home brew part, yep, I hope I can get one of those on a dev cart someday.

User avatar
Memblers
Site Admin
Posts: 3786
Joined: Mon Sep 20, 2004 6:04 am
Location: Indianapolis
Contact:

Post by Memblers » Tue Mar 23, 2010 1:41 pm

MottZilla wrote:I doubt this will be used for bootlegs. Bootlegs still need a PCB, which generally come with a CIC anyway.
That's like what I was thinking, except that you need cart cases as well. Anyone could afford PCBs, just the setup cost alone for making cart cases requires selling an unrealistic amount of a single homebrew game to break even.

With this PIC code you could make new boards of any design you want, use this PIC, and recycle any surplus common carts for their shells. If you want to collect those games as boards, it's free. :)

It would be cool too if the Powerpak cart shell could be re-purposed for this. If it comes with a big hole for a CF card though, that might be a little odd.

I had kind of wondered about making an SNES port of the Garage Cart series, but I don't think I want to bother with the PPU emulation myself anytime soon and it requires enough reprogramming as it is. :)

User avatar
Jeroen
Posts: 982
Joined: Tue Jul 03, 2007 1:49 pm

Post by Jeroen » Wed Mar 24, 2010 12:48 pm

I know bunny mills the nes powerpaks out so the cf card wil fit...and I cant imagine him not having the foresight of possible snes homebrews.

johker
Posts: 1
Joined: Tue Mar 30, 2010 8:13 am

Post by johker » Tue Mar 30, 2010 8:31 am

Is there also a lock mode PIC implementation available for use on an SNES mainboard? This would be perfect for a multi-region console allowing playback of games of any region (even SA1 and SDD1 games like Super Mario RPG would work, which doesn't work with most available Lockout-Mods).
How would the current key mode implementation have to be changed to turn it into a lock mode implementation? I have no knowledge about PIC programming, I'm just asking out of curiosity.

caitsith2
Posts: 74
Joined: Mon May 26, 2008 11:41 pm

Post by caitsith2 » Tue Mar 30, 2010 10:47 pm

From what I can tell, the key is NOT able to tell which lock region it is running on. On the other hand, the lock IS able to tell which CIC key region is currently being used, if programmed right.

When the Lock/Key have initialized their seeds, the Lock sends the lower bits of ALL of its side to the key, and nothing in that changes between regions, so the key is not able to tell, other than by incorrect bits sent.

The Lock sends its 4 bit random value to the key. Bit 0 of that random value is going to already be known when the key sends it back. Next, Bit 0 of the next value, also sent by the key, effectively specifies the region.

Now, a modded console could have the cic clock source removed, and the lock in console sends the clock to the key cic, in effect, controlling the timing.

I plan to write some test code to try this out, which will happen once my PIC chips arrive. (one to be programmed with the key, the other to try and communicate with said key.)

User avatar
ikari_01
Posts: 141
Joined: Sat Jul 04, 2009 2:28 pm
Location: Wunstorf, Germany

Post by ikari_01 » Tue Mar 30, 2010 11:42 pm

Exactly. The lock can autodetect the key region even of an original CIC. Manipulating the clock is not really necessary though, there is still plenty of time between the bit transfers to check the key region and do other things.
The only part that was a little tight is the hash calculation, though there are still 18-20 cycles left per iteration.

User avatar
ikari_01
Posts: 141
Joined: Sat Jul 04, 2009 2:28 pm
Location: Wunstorf, Germany

Post by ikari_01 » Sat Apr 10, 2010 10:42 am

OK, I've updated the archive with a lock implementation.
This implementation autodetects the key region and switches behavior accordingly.
There is no status pin anymore because all 6 I/O pins of the 8-pin package are now used for actual CIC signals.

Note that it never disables the console, even if the key CIC is missing, except when the RESET button is pressed on the console. That way CIC-less cartridges can be supported while maintaining compatibility with cartridges that demand a working lock CIC, such as S-DD1 or SA-1 enabled games.
The lock code can also be reassembled to run on a 12F609 as no EEPROM is required. Maybe some register has to be renamed or removed.

User avatar
MottZilla
Posts: 2832
Joined: Wed Dec 06, 2006 8:18 pm

Post by MottZilla » Sat Apr 10, 2010 11:43 am

That's awesome. Have you been able to test the lock version with a SA-1 and SDD-1 cartridge yet?

User avatar
ikari_01
Posts: 141
Joined: Sat Jul 04, 2009 2:28 pm
Location: Wunstorf, Germany

Post by ikari_01 » Sat Apr 10, 2010 1:15 pm

I don't have an SA1 cartridge but I'll test with Star Ocean shortly. It does work with plain key CICs. :)

Uhh, what was the S-DD1 failure mode for missing CIC again? :oops:
Right now it seems to run perfectly on my modded SNES without the PIC.

User avatar
Jeroen
Posts: 982
Joined: Tue Jul 03, 2007 1:49 pm

Post by Jeroen » Sat Apr 10, 2010 3:49 pm

So any chance you could maybe make a write up on the basic functions of the code? I mean we technicly have your code...but deciphering someone elses code isnt always the most efficient way to find out (imo). No biggie if you have no time/don't want to though.

User avatar
MottZilla
Posts: 2832
Joined: Wed Dec 06, 2006 8:18 pm

Post by MottZilla » Sat Apr 10, 2010 5:09 pm

ikari_01 wrote:I don't have an SA1 cartridge but I'll test with Star Ocean shortly. It does work with plain key CICs. :)

Uhh, what was the S-DD1 failure mode for missing CIC again? :oops:
Right now it seems to run perfectly on my modded SNES without the PIC.
I'm not sure what the deal is with the SDD1. The SA-1 games are what I recall being impossible to run without the proper NTSC or PAL system with working CIC.

Post Reply