Deunan
Electrons, and their use 
15th-Feb-2011 04:56 pm
Since you asked so nicely I'm going to post some bits and pieces about M1. But first some necessary background.

There are several approaches to figuring out encryption / compression schemes, all involve deep analysis of the data before and after the decoding step.

Unless the system is very simple you won't get far by just looking at the (usually very few) patterns available. In fact it's pretty easy to come up with some hypothesises that will turn out to be false later and will derail the whole research, taking up days to weeks to disprove. This is what accounts for most of the time, and all the failures tend to be quite discouraging. This is the pure analytical approach. Andreas Naive does statistical analysis, it's easier in the sense that it gives you some hints and directions of what to try. However, to even attempt that you need to have the knowledge, tools and experience - things that I lack :) You also need to have plenty of test data if the results are to have any meaning.

We got a bit lucky with M2/M3 protection. I still have no idea how Andreas managed to identify the encryption so fast and reverse it (though if I was to hazard a guess then I suppose the work he did on Atomiswave carts helped a bit - it's not the same system but bears resemblance). I explained what I know about NAOMI to him and then we had some brainstorming (which was mostly him shooting down my silly suggestions), and eventually came up with some ideas on how to generate the test patterns he needed. I modified my dumper tools to output the data.

I should explain that M3 turned out to be just a variant of M2 that uses cart's own RAM buffer. This is also the major weakness of this system that we exploited. See, it's easy to say "generate test data", but how exactly do you present your own patterns to the decoder if all it can do is access read-only memory? Well, one way would be to inject the pattern into EPROM chip that serves as game program carrier. It's possible but you're limited by available space (up to some 4MBs), while erasing and reprogramming takes a lot of time. Not to mention EPROMs have rather limited number of erase cycles they can go through (about 100) before errors start to show up. Obviously you'll also need all the necessary equipment to do the job in the first place :)
Another problem was that M2/M3 is actually position-dependant. In other words, the same value at address A and A+n will decode to different result. Data is decrypted in 16-bit words, so to fully test just one address location I'd have to reprogram the EPROM over 65 thousand times. Not really my idea of fun.

But, as I said, there is a RAM buffer on the cart. We figured it will help us crack M3 and then we'll worry about M2. Having the ability to actually upload data to the cart and read back the result reduced the hardware testing times to mere minutes. Obviously Andreas needed very specific patterns but that was just a few changes in the program code on my side. This also allowed the tests to be run on pretty much every cart out there (not just those in my possesion) without resorting to any hardware modifications. It's thanks to this feature that we were able to crack the encryption keys on most games so quickly.

This was M2/M3. M1 is completly different system. The complexity of the encryption is nowhere near that of M2/M3 so it's much weaker from cryptographic point of view - but it took much more work and many more months of head scratching to figure it out. Kinda funny, now that I think about it, that I identified and named the methods used on NAOMI carts as M1 through M3, and it was M3 to go down first and M1 last. Well, we have M4 now too :)

Anyway, M1 didn't work the same way M2/M3 did. I had only one cart, with only one encrypted sequence on it, so not exactly a lot of data to work on. Trying to "decrypt" other ROM areas only produced confusing results. What's worse, trying to decrypt data from the EPROM area gave completly different and incoherent results. The only way to inject custom patterns into decoder was to spoof a ROM chip.
Soon it became obvious why EPROM approach doesn't work - on this cart type ROMs are paired and read two at once, to produce 2*16 = 32 bits of data for each address location. EPROM output is only 16 bits wide - and while cart compensates for that during normal data transfers, decryption engine just treats the other 16 bits as pulled up. Thus completly changing any patterns we'd want to test. I had to create a device that would make up for the lack of any writable memory on the cart. That's where Altera Cyclone II FPGA comes in again :)

Just to sum this up, I needed 32 bits for data, tristatable and preferably bidirectional for logic analyzer. Add at least 16 bits of address to that, and some additional control signals (chip selects mostly). Tons of soldering. To add insult to injury the ROMs are 5V and FPGA inputs can handle 3V3 tops (some people abuse the protection resistors and claim 5V tolerance but it's a bit too pricey chip for me to fry just because I'm lazy). I had to add additional overvoltage protection circuitry, that would still allow me to have the bus bidirectional. The final result was this wire mess:



It allowed me to to test a few things and establish a working theory or two. I figured that the data is clearly XORed with some unknown pattern, to obfuscate what looked like a dictionary-based compression system. It's not like I didn't do any testing at all without the FPGA, but only now I could clearly verify my hypothesises. My initial guess was that the XOR mask is rather short, up to 8 bytes, perhaps different length on every cart using M1. I also suspected that some of that pattern actually "leaks out" to the ouput when you try to decode streams full of zeroes or ones. That later turned out be true but quite frankly it's not predictable enough to make use of this weakness. I started collecting M1 data from people who dumped carts with my tools and had some more stuff to look at. I also got GG2K cart from Roberto Malone, which he bought specifically to aid M1 cracking process. At some point I ecountered an output sequence that did not look cyclic - this scared me somewhat, for it was now possible that the XOR mask is generated on-the-fly by decoder with some pseudo-random sequencer. Now this would be a real show-stopper. I guess I need to thank SEGA for not doing that :)

Still, figuring out the mask sitting on top of compression was a very tedious task. I didn't know much about the compression itself at the time, and fighting on two fronts is never easy. Also, after M2/M3 success I was trying to think strategically - if I could simplify the discovery method than I could use other people and their carts to aid me in my research. So far I'm the only one who actively worked on NAOMI anti-piracy protection methods. Well, perhaps some other guys tried too, but kept it secret since their objectives were more... money related let's call it :) In the end I had a bright idea that worked out pretty nicely. Take a look at this photo:



What you see here is Actel FPGA (not to be confused with the one I was using) that does everything on the cart: addressing, reading and buffering, DMA and also M1 decryption. All that inside one, small black box. But it does have a weakness, namely it lacks necessary amount of memory for all that functionality. So, there are two smaller chips below it: On the left there's a 9-bit asynchronous FIFO queue, 256 entries long, that serves as ouput buffer for DMA mode. 9th bit is unused, and rather than have two of those chips (external cart data bus is 16-bit wide) it stores words as byte pairs. It's fast enough to do that, it's latency is less than 20ns. On the right there is a SRAM chip. It's pretty fast too, just 15ns, and has 32k x 8 capacity, though closer inspection will reveal that only A0-A6 address lines are used. That limits it to 128 usable cells, and once you know that the compression dictionary can have only up to 111 entries... rings any bells yet?

The bright idea was to tap into the address lines of the SRAM chip to monitor dictionary usage. This would greatly help with the compression part so that I could focus more on XOR mask. Since it's just 7 address lines, 8 data ones and two control signals, I decided to wire it up completly. It helps this chip is 3V3 so no need for the overvoltage protection, the transient snubbing resistors on my FGPA board will suffice. Imagine my surprise when I started up logic analyzer project and saw that the data stored in SRAM is already de-XORed... What a find :) It took just few minutes and a piece of paper to figure out the complete XOR mask for Oh! My Goddess cart and learn it's only 4-byte long. A bit more time passed and a prototype decoder was ready and working PC-side.

So I went ahead and soldered some wires to GG2K cart as well. This is pretty clean compared to OMG, wouldn't you say. And some screenshots from SRAM usage monitor for two different input patterns:





This time the XOR mask was also easy to calculate but then the decoder failed to produce expected result. It only got two first bytes (one output word) right. A moment later I discovered that there are two modes of operation, one direct and one based on substraction. OMG uses substraction mode and only dictionary data (and not even all of it), while GG2K uses direct mode and has some data bytes stored in the compression command stream. A few fixes and the code was working in all cases. Mystery solved. Time elapsed... eh, let's say months. Obviously not spent entierly on this problem but I kept poking it and thinking about it all the time.

It's possible that M1 would be broken sooner if I had GG2K instead of OMG to work on - but that is just another theory, one that is never going to be verified :) Fact is I was extremly lucky to get just 3 carts and happen to hit all protection methods (M1 for OMG, M2 for DOA2 and M3 for CVSSNK).

No NAOMI carts were harmed during research or making of this document.





And a small post scriptum, yes, I know that MVSC2 does not work well on T12/7 for some people. I even know why. I did say stick to T12/5 in case of problems. I also confirm that second player input will not work since I forgot to add one line of code. Happens. Stop bugging me about it.
  • Tags:naomi
  • Music:Emperor - Battle for Dune - House Harkonnen
Comments 
15th-Feb-2011 07:49 pm (UTC)
Anonymous
Great read even though I didn't understand a thing as I know pretty much nothing about programming. Though I feel you're commited, willing and proud and that's very good. So thanks for all you've done in the dreamcast/naomi emu scene man!
15th-Feb-2011 07:58 pm (UTC)
Anonymous
wich are the games that use m3 encryption?
15th-Feb-2011 08:09 pm (UTC)
dknute
Too many to list here. Most carts are protected with M2/M3, there's just a handful of M1 ones.
16th-Feb-2011 06:10 am (UTC) - M4
Anonymous
So there's a fourth type of encryption? Which games use that? Is it related to the other decryption types or does it require another journey?
16th-Feb-2011 08:46 am (UTC) - Re: M4
dknute
Yeah, there's another one on the newest carts (like Asian Dynamite). Completly different too, all the data is encrypted. The need to crack it ASAP is somewhat alleviated by the fact that with my tools the game can be dumped already decrypted :)

I'm not sure about this, obviously, but M4 looks like a proper crypto so it might not give up that easily.
16th-Feb-2011 08:02 am (UTC)
Anonymous
Thanks for taking the time to write this information Deunan, very interesting to hear how it was done. I think some people won't realise how difficult this task actually is because you make it sound so simple!
17th-Feb-2011 05:43 am (UTC)
Anonymous
Is it just me, or do arcade hardware manufacturers have something against strong security? I mean, 4 byte XOR masks aren't exactly cutting edge cryptography. And in general, you rarely see arcade protection strong enough to make guys like the MAME team just throw their hands up in the air and give up. Not that I'm complaining...
17th-Feb-2011 08:58 am (UTC)
dknute
That's what Andreas said too :) It's not really a strong protection system but then again, it has served it's purpose rather well. From the looks of it OMG was the first M1 cart and the game was released in 2000. It's 10 years later now and I could research this only thanks to FPGAs being faster, better and more affordable for a guy like me.

Sure, it's possible the carts were cloned but I haven't seen a flood of obvious bootlegs so far (and while OMG is not exactly first choice for bootlegers, MVSC2 is also M1 cart and it's extremly popular game even now). Besides, games stored on GD-ROMs are encrypted with DES56 and this was cracked earlier than carts mostly due to fact that PIC MCUs can be now decapped and program extracted. Takes some few thousands $ but there are people and organizations that can afford it. Cart's on the other hand had unique, one chip solutions that had to be figured out.

So, yeah, I agree it's weak - though you should've seen me cursing at it during research. I'd say it was cost-effective and hey, look at PS3. In theory it was the most secure gaming system ever made, the per-console key stored deep inside CELL CPU, but then SONY botched pretty much every piece of software on it...
17th-Feb-2011 12:13 pm (UTC)
Anonymous
I think though, that the Sony case is somewhat unique. If you look at what Microsoft did with the Xbox 360, their security held up considerably better. In fact, other than a moderate breach in the hypervisor security, which was quickly patched, the Xbox 360's platform security had been rock solid. Too bad they didn't extend said security to the DVD drive firmware, making the system ludicrously easy to pirate games on. But the fact remains, the Xbox 360 chain of trust is currently unbreakable. If they fixed the DVD firmware issue in their next system (or moved to a download only system), and kept the current hypervisor implementation without changing anything that might potentially break it, we may see the first unbreakable security system in a consumer electronic device. I honestly don't care for the implications of this myself. I wonder exactly how resourceful the hackers will be next time around. The only two options for breaking the security would seem to be either finding a cost effective method to tamper with the CPU die where the security is implemented, or to break the public key cryptography algorithm they are using. Or I guess we could just wait for quantum computers to take care of that for us.
17th-Feb-2011 12:54 pm (UTC)
dknute
While it was a general consensus, at least few months ago, that X360 is the 'hacked' platform and PS3 is secure, it's completly opposite right now.

AFAIK current-gen X360 DVD drives are next to impossible to hack, and also the few methods that were used to force Xenon CPU to leak it's unique per-console key were patched. Though yes, it's kinda funny that it's much easier to force the console to run copied games than your own, unsigned code.

Even though I'm PS3 owner, I always regarded X360 a somewhat better piece of hardware. Mostly because of the encrypted memory, 3 universal CPU cores, and 3D hardware design that I have easier time to understand (which translates to better utilisation within games for developers). It also helps that the memory is not divided between CPU and GPU, and while it could cause overall slowdown it's easier to move data around (in most cases it doesn't even need to be moved) and the eDRAM helps greatly to reduce the memory load imposed by GPU and it's RAMDAC.
Not to mention Microsoft guys actually do know a thing or two about operating systems :) So in the end their hypervisor is much more secure, and while a bug or two have shown up it's not as bad as Sony's failure to properly sign all their executables or test the critical code paths for buffer overflows.

Anyway, seems like CPU-key based encryption, and one chip solutions are the future when it comes to hardware/software security. I wonder what will Nintendo do with their 3DS, since both DS and Wii didn't offer much resistance to hackers. I'm not sold on the idea that "if it runs Linux natively nobody will bother hacking it". With all due respect to Linux guys, I couldn't care less what it runs. Hacking stuff is fun, period :)
17th-Feb-2011 05:09 pm (UTC)
Anonymous
"we may see the first unbreakable security system in a consumer electronic device"

This comment made me smile. How many times have we heard/seen this ? And as my technical director is always saying "If a human made it (the protection), a human can break it". And you have to admit that so far, this is true :)

Roberto Malone
18th-Feb-2011 04:39 am (UTC)
Anonymous
deunan
when you say that test 12/7 is unstable, is unstable with the framerate to?
btw wich would be the recommended system
18th-Feb-2011 10:38 am (UTC)
dknute
Dual core with DX11 graphics card.
21st-Feb-2011 05:02 am (UTC)
Anonymous
is world kick supossed to run in test 12/7?
21st-Feb-2011 10:35 am (UTC)
dknute
No, sorry. In fact the game key is not included in the T12/7 executable.
22nd-Feb-2011 06:19 am (UTC)
Anonymous
First of all, thanks for the interesting read with nice pictures and all! Secondly, what i was curious about is what the emulation status is of games requiring analogue or dedicated controls like for example jambo safari or initial d?
Anyway keep up the good work!
22nd-Feb-2011 12:08 pm (UTC)
dknute
Simple analog controls can be emulated with pad sticks or triggers, but it doesn't work all that well for stuff like steering wheels, hitting bats, levers or guns.

I've said that before, NAOMI is not a home console. There is no standarized input system other than the logic layer. It's possible to emulate some of that stuff well enough to play but that will require a customised input translation for each game. Not very high on my TO-DO list right now.
24th-Feb-2011 10:41 pm (UTC) - Automatic Saving F11 settings after changing
Anonymous
Hi, Deunan!

I very like your emulator, but would be great, if after changing settings in F11 menu all settings will saved in INI (Or just will saved somehow). Is it possible to add this amazing possibility? Very perspective thing!

What do you think?

Thanks.
25th-Feb-2011 03:03 pm (UTC) - Re: Automatic Saving F11 settings after changing
dknute
The whole F11 stuff is kinda temporary so I never bothered to save/keep it. It will be, eventually, removed once DX11 version is out.
7th-Mar-2011 07:37 pm (UTC) - on pause function in Dreamcast Makaron T12/5
Anonymous
Most of all, I'd like to thank you for your emulators.

I want know if there are some functions for screen capture in DC Makaron T12/5 like followings:

1. a function for game pause/resume
2. an internal function for screen capture

While googling, I read you articles on those two functions. For example, [Pause/Break] key would act for game pause. However, it doesn't work in T12/5. And, Makaron for Dev already has the internal screen capture function. Could you release it in public?

This is another question. Is there any plan to upgrade DC Makaron, especially in MMU option? I mean WinCE game.

Thanks...
9th-Mar-2011 07:11 pm (UTC) - Re: on pause function in Dreamcast Makaron T12/5
dknute
There actually was a pause function but I removed it around T11, since I changed too many things and it stopped working properly. It'll be back. Screen capture is also a bit broken and, with addition of scaling modes, needs to be reworked.

There is always so much to do that I keep forgeting about this stuff :)

As for Dreamcast part, sure, I'm working on it. I want to finish DirectX 11 renderer first. For MMU and WinCE games you need a fast CPU to get decent emulation speed. I had some good ideas and implemented some in T12/5 so it's the fastest version so far, though I realize it's still slow for many people. All the processing that needs to be done is simply taking too much time, I don't really see any better way of doing it at the moment. So, unless I have some stroke of genius it'll require a 4GHz CPU to work full-speed.
11th-Mar-2011 08:41 am (UTC) - Re: on pause function in Dreamcast Makaron T12/5
tq03q9i
More MUU Address Translation Percentage = More Speed
11th-Mar-2011 08:48 am (UTC) - Re: on pause function in Dreamcast Makaron T12/5
tq03q9i
So,Work Hard for MMU and WinCE games at 2011
15th-Mar-2011 03:43 am (UTC) - Re: on pause function in Dreamcast Makaron T12/5
Anonymous
I mean the upgrade of Dreamcast Makaron MMU not in speed but in stability.
Several WinCE games kept crashing. For example, I could not play 'Kita e - White Illumination' because of its irregular crashing. I checked it on Windows XP (Japanese) and Windows 7 (Japanese).

Thanks for your sincere reply. :)
15th-Mar-2011 10:54 am (UTC) - Re: on pause function in Dreamcast Makaron T12/5
dknute
Some of these crashes are actually speed-related. Well, it could be a bug in the emulator, but I haven't found it yet :)

What happens is every now and then the DMA transferring 3D geometry ends up sending garbage - it starts OK but somewhere in the middle it either skips something or sends wrong/old data. This confuses TA module and causes hang or crash (it would happen on the real hardware too in such case). I just don't know what causes this... All I know it happens much more often when the emulation speed is too low to run the game full speed.

One theory I have is there is a bug in the CE kernel, a race or glitch that never happens on real hardware. On the emu however the timing is different and also the PC OS can interrupt the program in any place really and then resume, causing a few milisecond lag, and that could be enough to trip something.

Trust me, I do know it's unstable. I'm doing my best to figure out how to fix it :)
Leave a Comment to the Entry
This page was loaded May 25th 2013, 11:59 pm GMT.