MDG_breakCdblk, Happy 30th year of NA Sega Saturn

Just wanted to wish everyone a Happy 30th North American release of the Sega Saturn.

Credits to the greats before me.
Antime
vbt
cafealpha
jhl
cyberwarriorx
Rockin'B
XL2

I do not know all the copyright rules about posting code from "official" Sega libraries,
so I will not be posting the whole code, but instructions on how to find it.
I have not seen this before, but if this has been posted, please give credit where it is due.
If not, please make sure to give proper credit.
Now, will this code automagically unlock the CD Block? Probably not, because you need to be able to run code before all the security checks.
I believe this is used by DEMO DEMO.
I also believe this answers the question of whether the CD Block is unlocked before doing a TOC check.

You will need some understanding of binutils and potentially some ld (linker), but here is the gist of it.

-1) Sorry, I am Windows based.

0) There are multiple versions of this file in SBL and SGL, so be careful that the linked files are from the same library.

1) First you use ar to find all the object files in, say, a library like a SYSTEM library for the Saturn.
In that file there will be 2 .o files: sys_exit.o and another file.

2) Then you use ar with these modifiers below to extract out the other file. (*** is what you figure out)

sh-elf-ar -t "***SYS.A"
sh-elf-ar -x -o -v "***SYS.A" sys_***.o

3) Optional: Then you can use nm to determine all the functions in the extracted other file

nm -a -l -n -s <filename>

4) Then you can use objdump to see all the code of the extracted .o file.

sh-coff-objdump -D --all-headers -b binary -m sh2 -S -s -t -r --start-address=0X00 "sys***.o" > sys***_o_objdump.txt

(You can remove the -b binary and -m sh2 if the file can be detected)

5) Optional: If you really want to make portable code out of this, you can use ld to link all the libraries that are associated with this file.
ld.exe -r -o ***CDC_ld2 ***CDC.A --whole-archive ***CDC.A (This is a different example of making PIC code.)
This is just an example and should be used with all libraries that link to that file.
It links to just below 32 KB.

6) In terms of usage, I could potentially see this being put into an IP.BIN that has E0 = 0x8000 (32 KB) in it.
After 0xe00 security 1, being able to jump and execute this. The only problem is this has to be relative, so all the jmps have to be changed to branches.
Also it might be easier to just call the functions from the BIOS, since the BIOS has all "00-FF" CD Block functions.



Hope to spur some discussion and discoveries in the near future.

MDG
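As an added example for this thread (not MDG's code, and not SEGA's), here is a small Python reader for the GNU `ar` archive format that re-implements what steps 1 and 2 do: what `sh-elf-ar -t` lists and what `sh-elf-ar -x` pulls out of a `*SYS.A` library, so you can inspect the member layout on any machine without a cross toolchain on the PATH. It assumes the library uses the GNU ar layout that sh-elf-ar reads (BSD-style `#1/len` names are not handled). The archive it builds is constructed sample input with filler bytes, and `sys_placeholder.o` is a placeholder name standing in for the member the post leaves as `sys_***.o`. It also classifies the extracted member by magic number so you know before step 4 whether objdump will detect the format on its own or needs `-b binary -m sh2`.

```python
"""Minimal reader for the GNU 'ar' format used by binutils .a / SEGA *.A libraries.
Added example for this thread, not code from the original post or from SEGA.
Assumes the GNU ar layout that sh-elf-ar reads; the sample archive at the bottom
is constructed input and 'sys_placeholder.o' is a placeholder member name."""
import fnmatch
import struct

AR_MAGIC = b"!<arch>\n"
HDR_FMT = "16s12s6s6s8s10s2s"        # name, mtime, uid, gid, mode, size, fmag
HDR_LEN = struct.calcsize(HDR_FMT)   # 60 bytes
FMAG = b"`\n"                        # terminates every member header


def _member_header(name: bytes, size: int) -> bytes:
    """Fixed-width, space-padded ASCII header fields."""
    return struct.pack(HDR_FMT, name.ljust(16), b"0".ljust(12), b"0".ljust(6),
                       b"0".ljust(6), b"100644".ljust(8),
                       str(size).encode().ljust(10), FMAG)


def build_archive(members: dict) -> bytes:
    """Build a GNU-style archive from {name: data}. Names of 15 chars or fewer are
    stored inline as 'name/'; longer ones go in the '//' string table and the
    member refers to them as '/offset'. Members are padded to even offsets."""
    strtab, stored = b"", {}
    for name in members:
        enc = name.encode()
        if len(enc) <= 15:
            stored[name] = enc + b"/"
        else:
            stored[name] = b"/" + str(len(strtab)).encode()
            strtab += enc + b"/\n"
    out = bytearray(AR_MAGIC)
    if strtab:
        out += _member_header(b"//", len(strtab)) + strtab + (b"\n" if len(strtab) & 1 else b"")
    for name, data in members.items():
        out += _member_header(stored[name], len(data)) + data + (b"\n" if len(data) & 1 else b"")
    return bytes(out)


def parse_archive(blob: bytes) -> list:
    """Return [(name, data)] for each object member, resolving GNU long names.
    The '/' symbol index and '//' string table are consumed but not returned,
    which matches what `ar -t` prints."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive (bad magic)")
    pos, strtab, members = len(AR_MAGIC), b"", []
    while pos + HDR_LEN <= len(blob):
        fields = struct.unpack(HDR_FMT, blob[pos:pos + HDR_LEN])
        if fields[6] != FMAG:
            raise ValueError(f"corrupt member header at offset {pos:#x}")
        size = int(fields[5].decode().strip())
        data = blob[pos + HDR_LEN:pos + HDR_LEN + size]
        if len(data) != size:
            raise ValueError(f"truncated member at offset {pos:#x}")
        raw = fields[0].rstrip(b" ")
        if raw == b"//":
            strtab = data                       # long-name table
        elif raw == b"/":
            pass                                # symbol index, not an object
        elif raw.startswith(b"/"):
            off = int(raw[1:].decode())
            members.append((strtab[off:strtab.index(b"/\n", off)].decode(), data))
        else:
            members.append((raw.rstrip(b"/").decode(), data))
        pos += HDR_LEN + size + (size & 1)      # skip the pad byte on odd sizes
    return members


def list_members(blob: bytes) -> list:
    """Equivalent of `sh-elf-ar -t LIB.A`."""
    return [name for name, _ in parse_archive(blob)]


def extract_member(blob: bytes, pattern: str) -> tuple:
    """Equivalent of `sh-elf-ar -x LIB.A member`, with an fnmatch-style '*' so the
    post's 'sys_***.o' wildcard works once you know the prefix. Refuses ambiguous
    matches so you never silently get the wrong object."""
    hits = [(n, d) for n, d in parse_archive(blob) if fnmatch.fnmatch(n, pattern)]
    if len(hits) != 1:
        raise KeyError(f"{pattern!r} matched {len(hits)} members: {[n for n, _ in hits]}")
    return hits[0]


def object_kind(data: bytes) -> str:
    """Classify a member by its magic so you know whether objdump will detect it
    or needs `-b binary -m sh2`. The COFF values are SH_ARCH_MAGIC_BIG/LITTLE
    from binutils' include/coff/sh.h."""
    if data.startswith(b"\x7fELF"):
        return "elf"
    if data.startswith(b"\x05\x00"):
        return "sh-coff-big"
    if data.startswith(b"\x50\x05"):
        return "sh-coff-little"
    return "unknown"


# Constructed sample archive (not the real SYS.A); member contents are filler.
SAMPLE_MEMBERS = {
    "sys_exit.o": b"\x7fELF" + bytes(13),          # 17 bytes: exercises the pad byte
    "sys_placeholder.o": b"\x05\x00" + bytes(18),  # 17-char name: exercises '//'
}
SAMPLE_ARCHIVE = build_archive(SAMPLE_MEMBERS)
```

Point `parse_archive` at the bytes of a real `*SYS.A` and `list_members` gives the same names as step 1; `extract_member` with the prefix you worked out gives the object for step 2, and `object_kind` on it tells you whether step 4's `-b binary -m sh2` is needed.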