Saturn proof-of-concept bootloader Pseudo Saturn

Thanks for your reply, I may just have to get one, though I would like that verified to be certain

It is a good assumption that it may use some sort of bootloader or header to be seen as a Memory Card that card has no Battery in it at all so does not work exactly the same as an official one

Would that work when booting from an Action Replay then changing the cart to an official Memory Card

 

Could anyone confirm if Deep Fear works 100% yet or will it have issues? Thanks!

 

I would but ran out of CD's

Is there a reason you think it may not work?

With the exception of 4 games 1 that has a bug that is also in the retail disc and 3 that just freeze totally the rest of the games run very well to perfect from CD-R, I do believe that CD-R's are being read at a slower rate to retail CD's so some games I have noticed bit of bad sound in FMV's (these would be the ones I class as very well, perfect would be no glitches at all) but that is in very few of the games that I have noticed that in and between the ones it occurs in it's only a second or so like that, that may also be fixable via a dummy file to push the data to the outer edge.

As far as testing goes I would only test out the booting and see if it gets in game fine or otherwise, I'm not willing to sit and play a whole game start to end, but if it gets in game than there should not be any issues later either unless it was a bad burn bad media or just a bad disc image to start with.

Games play as well as they do via a x2 swap trick (CD-R -> Retail -> CD-R) just with a custom loader and no swapping required

 

I always thought you were not supposed to insert/remove cartridges when the console is powered on.

 

You probably aren't supposed to do it, but it can be done. What damage may occur isn't obvious.

 

Tried this out today and it is fantastic, but does lead to a question/issue.


Normal Mod boards won't work with these backups due to the change from Sega SegaSaturn to Sega PseudoSaturn, so essentially this isn't a universal solution is my understanding. Since the change in the header is needed for the Pseudo solution, this tells me the only way to do a universal solution is to find a means of changing the code on a mod board to be able to report Sega SegaSaturn even if it sees Sega PseudoSaturn.

Do i have the proper understanding?

What i'd like to see is a single backup that will play with either a Pseudo Saturn cart or a modboard.

 

There is now an attack (not yet addressed in this thread) which will permit the use of unmodified, burned discs. So you're right as far as what had been discussed; but it won't be an issue in the future. Just wait for CWX to get back from holiday

 

Very good news then!

 

Does it mean we won't be needing to install the hacked firmware into the Action Replay and be able to run any game normally?

 

Only if someone implements it in the bios, so far it has been tested using an AR afaik. This attack, afaiu, will allow the same compatibility as a modchip though; using normal burned games instead of pseudosaturn patched ones.

 

The modchip is still a bit better though because this method that doesn't require patching does require a program to launch the attack. If you change discs or open the lid, there is no program ready to redo the attack. Although with the patched discs you wouldn't have that problem. So I suppose if there is a multi-disc game you had to switch and couldn't save and reboot, you could patch the second and following discs with the new string.

I think if someone did modify the BIOS, it would be a good idea to allow both the original string and a patched string to cause the BIOS to boot the disc program. But we'll see if/when someone does modify the BIOS to do this.

 

If I understood it right that cannot be made because the cd block warns the bios about the disc being fake.

 

The recent exploit jhl talks about allows for normal headers on cd-r (aka "SEGA SEGASATURN"). Though afaiu that probably won't help for multi-disc games that don't save prior to swapping disc. (Do such a game even exist?)

Preliminary infos are here: http://www.assemblergames.com/forum...ock-ROM-dumped&p=762819&viewfull=1#post762819

Be patient!

 

Is that even possible? so, by that you mean you could install some sorta custom Bios firmware via disc installer? similar to the method we're using now?

 

Isn't SEGA Saturn BIOS chip an OPT type?

 

It would have to be installed like the region free bios. Removal of old bios and replace it with a new one.

 

He actually said the CD Block reports a status flag about the disc which the BIOS operates on. If the status flag says anything other than a legitimate Saturn disc, it won't load the program on the disc. However this is the BIOS that does that, so you can make a modified BIOS that would act differently.

The idea works as follows. When the disc is going to be authenticated while the BIOS is running, it would execute the attack and make the disc be seen as a Saturn disc by the CD Block. Then after the attack the BIOS would need to identify the disc on its own by reading it since it can't rely on the status flag anymore since the attack was used to ensure we can read the disc. So the BIOS would need to scan for the SEGA SEGASATURN string to see if we should actually attempt to load the disc as a Saturn game. Alternatively it might be a Audio CD which you should properly handle if possible.

But the point is it sounds like the attack can be used to fool the CD Block into authenticating any disc as a valid Saturn disc, leaving the Saturn CPUs full access to the CDROM. Since you have that you can just use the BIOS to figure out what you want to do. If you did the attack, the action from the normal BIOS is going to be to load the Saturn program on the disc. However if it isn't a Saturn disc then it'll probably end up crashing. I suppose that's not an issue though if you don't plan on putting any Video CD or Audio CDs in the system while the BIOS program is loaded.

 

The attack makes any disc look like a valid *data* disc. So the BIOS would need to be patched to look at all data discs and decide whether to boot them; instead of looking for "valid Saturn" it'd have to look for SEGA SEGASATURN. One could also implement this by patching the BIOS code path after a fake disc is detected - to perform the attack and then jump into the loader code as if it had been a real disc. Then audio, legit discs, etc. remain untouched.

 

My mistake in more wording. Not sure how I got off track. Either way I was just speculating like you just did on how one might choose to add the exploit to a BIOS ROM. I do like your idea better of detecting that a "fake" disc was inserted and then performing the attack and continuing to boot. It makes more sense than the way I was thinking. It sounds like the ideal solution.

 

fwiw, I'd be perfectly happy with a BIOS that simply attempts to boot anything you throw at it. I don't do audio or VCDs on my Saturn anyways, I have way better hardware for those.