"Crack the SEGA Saturn copy protection" contest

Status
Not open for further replies.
3 different approaches:

If I would want to release a selfmade commercial game which should be:

1. playable on any saturn and
2. piracy-protected against CD-R + modchip/swaptrick methods,

I would build a cart with a little microcontroller and a memory cart slot for SD-carts, CompactFlash or something and use those for data and the CD only for CDDA.

You know Audio and Video CD's don't need to be unlocked.

And you know that the BIOS CD player somehow got access to the CD Audio data while it's played back, because it got these boxes morphing to a sphere and changing color according to the sound.

Now if I would know more about how the CD-Audio data can be accessed by the application, I would try to hide data in the CD Audio tracks...

In the developer documents, there is a note that storing executable code on a card is not allowed.

This is obviously forbidden because the copy-protection could be cracked somehow by patching the game.

So this suggests that once you got code running on Saturn, there is a possibility to swap in a new CD and read data from it.

Using an Action Replay, it might be possible to patch a certain game to support the swap-in of a CD-R.

That means disabling the CD-tray open check to avoid exit to BIOS CD player, patching the directory table and loading an executable from the CD-R.

Among that, the problem in my eyes is supplying the new TOC data.

If, like ExCyber says, there is a possibility by just using a custom CDC lib, we should ask CyberWarriorX, as he coded a CDC replacement.
 
A cartridge would be great, yeah.

I found your post interesting, Curtis - I wonder if you're right?

Your post interested me too, Rockin'-B - do you mean running games from a cartridge with just the audio on the CD? I also see what you mean about 'hiding' data in audio tracks.

But surely that's not really cracking the protection - more of a circumvention?
 
OK, I'm going to point out the obvious - the outer ring on the Saturn looks EXACTLY like the ring between the regular and hi density part of a Dreamcast disc. Do GD burners use customized blank discs to achieve that or can they actually write that kind of stuff on a regular disc?

It would be also interesting to check the SH1 in an emulator and watch exactly what code does it check when booting up a disc.

Then there's also the question, how come emulators refuse to boot up CDR copies while they boot up from cd images on a virtual drive as well as originals?
 
Originally posted by Borisz@Sun, 2005-02-27 @ 12:46 PM

Then there's also the question, how come emulators refuse to boot up CDR copies while they boot up from cd images on a virtual drive as well as originals?

I've wondered this before... for a while I thought that meant the area was readable, now I'm not so sure.

I asked that same question in my thread about the copy protection, but it was pretty quickly dismissed..! :blink:
 
I think the holographic copyright label is a red herring from the perspective of this problem. We know that the copy protection is easily overridden, and in the thread that was posted earlier it was claimed that the outer ring actually holds no information at all. So what does that leave? The gap between the two tracks.

If that was true, it would be possible to cover the logo and still boot the disc. It's been a while since I poked around in this, but I think I tried that and it didn't work.

Or why don't you over burn the disk as much as possible with bunk data, like all 1's. So that way it's straight up reflective all the way to the end of the disk.

That doesn't work; the user data is rather heavily encoded before it hits the disc, and part of the encoding is specifically designed to keep the frequency in a particular range (so that the controller can know when it's spinning the disc at the right speed).

It would be also interesting to check the SH1 in an emulator and watch exactly what code does it check when booting up a disc.

The SH-1 is not emulated, partly because we don't have the code (which is embedded inside the chip) and partly because it's not really necessary (Saturn apps can't "see" the SH-1 as such, they just talk to CD block registers). Also, I think the relevant code is not in the SH-1, but in the H8 on the CD reader itself.

Then there's also the question, how come emulators refuse to boot up CDR copies while they boot up from cd images on a virtual drive as well as originals?

This was covered in the thread Drenholm linked; as far as anyone can tell it's a problem with your system or your CD-Rs, not with the emulators being able to detect CD-R.

If, like ExCyber says, there is a possibility by just using a custom CDC lib, we should ask CyberWarriorX, as he coded a CDC replacement.

I don't mean only a CDC lib replacement, I mean something kind of similar to what you propose with a boot cartridge and using non-standard track formats; the CDC lib is just to let the application deal with pulling data from Mode 2 or CDDA tracks or whatever.
 
Originally posted by ExCyber@Sun, 2005-02-27 @ 10:46 AM

This was covered in the thread Drenholm linked; as far as anyone can tell it's a problem with your system or your CD-Rs, not with the emulators being able to detect CD-R.


So when I mount, it thinks the CD image is on a special kind of CDR that works? This doesn't make any sense, please elaborate.

I'm thinking that DAEmon just handles the CD access a bit different, as it was designed with copy protections in mind. It does something that a regular burned CDR won't do.
 
So when I mount, it thinks the CD image is on a special kind of CDR that works? This doesn't make any sense, please elaborate.

All I'm saying is that there could be some quirk in your drive firmware and/or your burned discs that causes them to behave in a way that the emulator doesn't expect. When you run an image (via a drive emulator or with direct emulator support), that's removed from the equation.
 
Originally posted by Borisz@Sun, 2005-02-27 @ 12:46 PM

Then there's also the question, how come emulators refuse to boot up CDR copies while they boot up from cd images on a virtual drive as well as originals?



Dude, all my CD-Rs and HK silvers play just fine in ALL the existing emulators (Giri Giri hack included). There's something wrong in your end.

Ah, AFAIK, Giri Giri Hack won't boot games without any audio tracks.
 
would it be possible to say cut the outer ring off an existing saturn demo disk or something, then with some fancy work, perhaps make something that clips onto the cd bottom
 
sure, go ahead and give that a try. just make sure it's a rare japanese game disc. the saturn reads them better :slap
 
I would be willing to hand out $500 to the person/group who can make a regular cd burner burn a saturn game without the need for the saturn to have any modifications to that saturn or carts or swap tricks.
 
Originally posted by Drenholm@Tue, 2005-03-01 @ 03:36 AM

Pardon the n00bish question... what is Magic Card v2?



it's the cart designed specifically to make disc swapping easier.

once you boot with legit copy after security checking the cart will stop the CD motor so you can open and replace with CD-R or HK silver and away you go... in snail's pace if you want...
 
Originally posted by IceMan2k@Tue, 2005-03-01 @ 04:58 AM

I would be willing to hand out $500 to the person/group who can make a regular cd burner burn a saturn game without the need for the saturn to have any modifications to that saturn or carts or swap tricks.



I'll bet it will cost a lot more than $500 to modify the burner to do what you have in mind IF it's possible that is...
 
Originally posted by dj898@Mon, 2005-02-28 @ 06:29 PM

I'll bet it will cost a lot more than $500 to modify the burner to do what you have in mind IF it's possible that is...



I think he means just the same as us; make the saturn read plain burned games.

And yes, my $50 is a sure thing too.

Know what I'll make it $80

So that's: $200+80+500+20; $800 so far. :cheers

Now, some people add the last $200 and SX can do a front page reward headline 'Crack the Saturn and claim the $1000 reward' it's sure to get some attention. :smokin:
 
maybe use that money to source blank Saturn CD-R with the security ring and burn System Disc rip... :p
 
That's not a bad idea, actually. I bet a lot of people would be willing to buy a boot disc, given the trouble people have had with mods in the past.
 