Recently, LaC challenged us to find a small and concise algorithm that would emulate the behavior of PIF/CIC-NUS-6105 challenge/response (C/R) protection scheme. This would allow the replacement of 'pif2.dat' file of Project 64, that contains all the 268 C/R pairs used by 'Jet Force Gemini' and 'Banjo Tooie', with a concise algorithm. After many hours of careful, exhaustive and detailed analysis of 'pif2.dat' C/R pairs, I'm pleased to announce that I've finally found a very concise algorithmic representation of the C/R process, which emulates the desired behavior of the PIF/CIC-NUS-6105. This is the actual C source of the algorithm: The complete software package is available on-line at: http://goo.gl/Ub9FG You should read the 'README' file as it contains a complete explanation of the whole package, the purpose of each file, and the explanation of the four typos that where found in the 'pif2.dat' file during the research process. These 'pif2.dat' challenge/response pairs were the only resource I've used during this project. There was no kind of physical access to N64 hardware. I truly hope this contribution helps the N64 community keeping the magical spirit of this console alive for a long time. Finally, this project would have never been possible without the contributions of the following individuals and organizations: - Oman: For being at the right place at the right time and being brave enough to pay a personal price so we could understand in a much deeper way how this magical console really works. We owe you so much. - Jovis: For all the positive energy and impressive hacking spirit that you shared with the N64 community. You were absolutely instrumental in several key events that shaped the N64 community in the last 14 years. Even if you're not physically with us anymore, your heritage, your knowledge and your attitude will never be forgotten. 'The candle that burns twice as bright burns half as long.' - LaC: For the endless contributions that you've given to the N64 community since the early days, when N64 was the next big thing. I've always admired the deep knowledge that you've gathered about the most little hardware details. Recently, you challenged us to find a small and concise algorithm that would emulate the behavior of CIC-NUS-6105 challenge/response protection scheme and here is the final result. LaC, Oman and Jovis were definitely the dream team of N64 reversing in the late 90's. Without your contributions, we would be much poorer. - marshall: For keeping the N64 scene alive during the last decade, when most people lost interest and moved along to different projects. You are the force that has been keeping us all together in the later years. When almost nobody cared about N64 anymore, you were always there, spreading the word, developing in the console, and lately, making impressive advances on the hardware side. I wish the best success to your new 64drive project. - hcs: For your contributions to the better understanding of the inner workings of the Reality Co-Processor (RCP). Your skills have impressed me for a long time now. And without your precious help by sharing your knowledge, I would have never understood the immense importance of Oman, Jovis and LaC achievements. Thank you ! - Azimer & Tooie: For sharing with the N64 community your findings about the challenge/response pair used in 'Jet Force Gemini' and the 267 challenge/response pairs used in 'Banjo Tooie', all stored in the 'pif2.dat' file of Project 64. They were instrumental to the final success of this endeavor. - Silicon Graphics, Inc. (SGI): For creating MIPS R4000, MIPS R4300 and Reality Co-Processor (RCP). You were the ultimate dream creator during the late 80's and early 90's. A very special word of gratitude goes to the two teams that during those years created RCP and MIPS R4300. They were technological breakthroughs back then. On a personal note, I would like to show my deepest gratitude to _Bijou_, for being always a source of endless hope and inspiration. -= X-Scale =- (#n64dev@EFnet)
nice job x-scale. BTW, he spent over 4 weeks on this. Just kept plugging away. also I'm not sure if banjo tooie crashes later on in the game via emulators, but if it does, it's worth replacing the erroneous pif2.dat included with Project64 with one generated by this program. I know the errors in it DO cause crashes when you play certain multiplayer games, and they were fixed with the proper values in the file.
he states he built the algorithm off of pif2.dat's content, is it possible his algorithm generates the same mistakes on some pairs?
Good work. Did anything ever come out of the project to decap a PIF? I remember reading about it a couple of years ago, but not heard anything since.
I believe he is currently working on the 6105 actually, I don't believe the job has been completed yet though. All the recent decap work has been coming from one man, he is doing the Lords work. I believe there is also a plan to decap the SuperFX, if not already complete?
Yes we're working on it, the guy doing the decapping is pretty busy with other stuff. But as soon as we have an image to optically read out the ROM I'll write a disassembler. Did you even open the file at all? Everything is explained in there.
That's some great news! IIRC BT has some stability issues under PJ 1.6 with default settings. Hope this new discovery helps and improves the emulation! NOW LETS EMULATE INDIANA JONES! /jk
