Saturn CD Block ROM dumped

You mean booting CDRs? Will never be possible. See previous thread:
http://www.assemblergames.com/forum...n-copy-protection-and-CDRs-the-conclusive-end

(The CDB dump confirms that it checks the wobble value, but that's been proved by the modchip builders before.)

 

If you mean the ability to burn discs that will boot on an unmodified retail system then no. What it does do is provide a method that could be used to make a modchip or CD emulator that could simply be plugged into the MPEG card slot and which wouldn't even need you to open the console to install it.

 

Ok didn't understand it checked wobble and such, i thought it was more a matter of sessions/burning it in a certain way...

In any case compliments, not having to rely on ancient and difficult to recover and repair cd drives is a great news! Hope the project will move forward

 

it is true in the case if code is 100% bugless, secured and exploit-free. if not - there is always a chance to exploit prot.check by some weird input data

PS: thanks for impressive work!
whats next ? maybe MCUs used in GD-ROM ?

 

Booting of burned discs on an unmodified console is most definitely possible, even before this discovery but still requires a custom bootloader and specially crafted discs.

 

This statement is repeated over and over on the internet with no proof whatsoever that it has been done or that it's possible. Please consider releasing publicly any tangible info you might have on that topic.

 

Sure, I'm currently just cleaning up my code on a proof of concept and I'll be releasing it on github probably by the weekend.

As for info. Basically the way to think of it is, normally on any disc you have to send a request to the CD block to authenticate the disc before it allows access beyond the first 16 sectors. How it works depends on the type of disc, and jhl probably has more knowledge in that area. Anyways, one thing I noted some time ago was that VCD's, photo cd's, etc. didn't appear to have any special checks. I mean you could easily play them on the system. So I spent a bunch of time coding up tools and trying to authenticate different discs and see what the result was. I eventually discovered that by just changing the first 16 bytes of a saturn disc to some other string you could authenticate and unlock without a ring check. After that, it was basically just a matter of writing a boot loader which I'm currently running off an Action Replay.

 

I like what I read! You exceeded my expectations sir!

 

Sure. You could patch the BIOS too. Assuming that games don't check their own authentication status (and why would they bother?). One wonders why nobody's done it before now? You could've sold thousands back in the day.

 

Yeah, pretty much. You just need to be able to run your own code. Of course the whole point is doing it on an unmodified console. And doing it through cart is probably the easiest and most accessible.

I've never seen secondary authentication checks, but yeah if they had done that at the very least it would've made the concept more annoying to implement. And yeah, when I discovered this hole I was pretty shocked too that nobody ever thought to make their own special cart like a st-key like device.

 

Well i am in for the SD Slot solution.
Honestly, 32GB is a lot and should be enough for most people. Would a 64GB SD Card also work?

The SSF Emulator which has a chart saying that the CD BLock ist just 85% emulatated.
Would your dump help in that case to reach 100%?

 

As usual i might have misunderstood, but the idea is to trick the saturn by telling it a disc is i.e. A photo cd so that it skips a part of the autentication process?

If that is the trick just modding a disk image would work? Or it would work like the sega saturn system disc i have home that temporarily flashes the bios until machine is shut down?

 

In a sense, yes. Basically the idea is to make the Saturn think it's not a Saturn disc, but an ordinary data or mixed mode cd. In it's current implementation I have a tool that patches the first 16 bytes of a disc image that you have to burn to disc.

 

So throught patching any and all isos or homebrew could just boot or it would need a code injection too along with the 16bit patch?

I mean a 16 bit patch plus a special iso preloader?

Btw i feel proud i did understand a bit of it lol

 

This thread is becoming amazing!

 

What it sounds like to me: You have to patch each CD image to make the CD block think it's not a Saturn CD (to get around the security ring checks); you also use an Action Replay code or some kind of "chip" (more of a dongle, really) that plugs in the back and makes the Saturn think the "not-a-Saturn"-Saturn-CD is a Saturn CD once again (so it plays the game - duh.). In short, you need both components for it to work.

How far am I off the mark?

 

Sounds about right.

 

Plugs in the top, in the cartridge slot. Could you also work a switchable DRAM cart functionality in there? Might get expensive though, I found suitable DRAM parts are getting rather hard to find when I was considering building a USB-cart.

 

Thanks for the clarification. Yeah, and many people probably want to be able to keep using their RAM extensions; I guess focussing on an AR-based solution would make the most sense because of that.

 

Yeah, pretty much sums it up. And as already mentioned, it'd have to be an AR or equivalent cart that can execute its own code. For example, you could probably use a Saturn USB dev cart. And yeah, you need both components to work since an unmodified bios won't boot any discs that have been patched using this method.

By the way jhl, I was going to ask you, could you possibly elaborate on the functions of CD Block commands 0x55 and 0x56? Like what exactly does it do with the selectors and what the command format is? Also what's the command format for 0xFF? Basically I'd like to complete the documentation on Yabause's wiki.