System disc
- Thread starter vbt
- Start date
slinga
Established Member
If your looking for a way to bypass the security check, I think the best method would be to audit the BIOS for vulnerabilities. This is code written from the mid 90s, it can't be that great.
You'd just need to find a vulnerability before they do the security check, like in the parsing of the ip.bin headers. Heck even a vulnerability in the CD player would work. Who knows, there might even be some weird logic security check to be bypassed altogether.
I'll glady help if you can get source or pseudo source of the BIOS...
You'd just need to find a vulnerability before they do the security check, like in the parsing of the ip.bin headers. Heck even a vulnerability in the CD player would work. Who knows, there might even be some weird logic security check to be bypassed altogether.
I'll glady help if you can get source or pseudo source of the BIOS...
Exactly, the ring check passed then the ip.bin is loaded (as always).
The ip.bin checks the beginning of the header of the cd and according to what it is written, it sends some code somewhere to tell the saturn if another cd is put in it with the same data at the beginning of the header, do not check the protection ring.
The beginning of the header that is checked is: SEGA ENTERPRISES or SEGA TP (so first or third party cd).
But where this type of instruction could be saved by the saturn ? RAM or anywhere else ?
The ip.bin checks the beginning of the header of the cd and according to what it is written, it sends some code somewhere to tell the saturn if another cd is put in it with the same data at the beginning of the header, do not check the protection ring.
The beginning of the header that is checked is: SEGA ENTERPRISES or SEGA TP (so first or third party cd).
But where this type of instruction could be saved by the saturn ? RAM or anywhere else ?
Man, why do we keep getting this question? And even from a veteran like vbt no less 
There's nothing special with the disc itself. Nothing, zilch. The way the cd block works is once a disc has been verified as an audio cd, data cd(such as vcd, etc. Basically something other than a saturn disc), or an original saturn disc, it will unlock the drive. And it'll stay that way until the cd block is reset. All the system disc does is go through the normal process of disc authentication, and then allows the user to insert a different disc which it then boots.
There's nothing special with the disc itself. Nothing, zilch. The way the cd block works is once a disc has been verified as an audio cd, data cd(such as vcd, etc. Basically something other than a saturn disc), or an original saturn disc, it will unlock the drive. And it'll stay that way until the cd block is reset. All the system disc does is go through the normal process of disc authentication, and then allows the user to insert a different disc which it then boots.
Yeah, but I figured I had to get more technical so that people understand how the copy-protection basically works
First, I am not an expert on cd block. But is the cd block reseted when you open the lid and you come back to the bios screen or when you reset the saturn? As the system disc allows you to reset the saturn and the cdr still works. Also, when you replace the system disc by a cdr, it goes to the bios screen when you open the lid, and the cdr works afterwards.
Also, not all the saturn discs will boot, just some types according to their header. So the system disc puts some pieces of code on the saturn, which is run every time a disc is inserted after it. It is not a simple disc with a ring that lets you bypass the protection check routine (btw, the magic card does that with a orig saturn cd then a cdr).
That sounds pretty interesting. By reset, do you mean soft reset (abc start) or hard reset (the reset button on the machine)?
Either way, the security ring still isn't cracked, so it's not possible to boot a cdr straight. Once someone figures out how to execute code without the security ring (or how to mimic the security ring), it'll be possible to write our own bootloader, or modify the official system discs.
Either way, the security ring still isn't cracked, so it's not possible to boot a cdr straight. Once someone figures out how to execute code without the security ring (or how to mimic the security ring), it'll be possible to write our own bootloader, or modify the official system discs.
I recently picked up a 3rd party sega system disk.
The way it works is basically just put the disk in and load it up, when it get to the SEGA - Produced or Licensed by Sega blah blah it says COMPLETED in the top left corner. At that point just open the drive, put a copy in and it will boot up right away with no problems.
I can also play 1st party titles on using my 3rd party disk by editing the BIN or ISO files using a hex editor. It's real simple
Thank god for this disk. It's saved me so much money to having to pay stupid amounts of money to play a few awesome games.
The way it works is basically just put the disk in and load it up, when it get to the SEGA - Produced or Licensed by Sega blah blah it says COMPLETED in the top left corner. At that point just open the drive, put a copy in and it will boot up right away with no problems.
I can also play 1st party titles on using my 3rd party disk by editing the BIN or ISO files using a hex editor. It's real simple
Thank god for this disk. It's saved me so much money to having to pay stupid amounts of money to play a few awesome games.
