
How the Dreamcast Copy Protection Was Defeated - fafner
http://fabiensanglard.net/dreamcast_hacking/
======
new299
There are two points to note.

The first is piracy probably didn’t lead to the failure of the Dreamcast. They
didn’t sell many of the consoles... if it was a piracy issue then you’d expect
they’d sell many consoles, but few games (the line up of games was really
good).

The article mentions Ikaruga a lot. It worth noting that Ikaruga for the
Dreamcast was released a year after the Dreamcast was cancelled. They probably
weren’t hugely concerned about piracy at this point.

From memory it was an easy port for them, because the arcade board that
Ikaruga ran on is also the same as the Dreamcast.

~~~
elsonrodriguez
> The first is piracy probably didn’t lead to the failure of the Dreamcast.

Sega led to the failure of the Dreamcast. They had failed fans with the
SegaCD. Released the 32X as a "bridge" between the 16bit and 32bit consoles
(then promptly abandoned it). They released the Saturn with almost no fanfare
in the US, and with last minute architectural hacks to make it pass as a 3D
console (just barely).

By the time the Dreamcast came out, people were just tired of Sega's shit.

~~~
bitwize
A lot of people were stoked for the Dreamcast upon its release.

What ultimately did it in was the PS2 -- a superior console in virtually every
respect, released just two years later (in the USA).

~~~
laumars
> _What ultimately did it in was the PS2 -- a superior console in virtually
> every respect_

I beg to differ. Graphically it was, but it should be given it was two years
younger. Sound quality it was too but honestly very few people would have
noticed on the typical set up of that era.

However the Dreamcast has 4 controller ports built into the console itself,
rumble packs from day one, a portable gaming unit (ok, that was a bit of a
novelty), support for using your save games on actual arcades, easy way of
sharing save games, online gaming (a good 4 years before the competition
too!), downloadable content (which was typically free back then).

The Dreamcast was easily the more interesting console out of the two of them.
If the reputation of the two companies had been equal then the DC would likely
have won out. But the PS1 was already a proven success and Sega had messed
their fans about with all the failed Megadrive /Genesis addons. So a great
many gamers didn’t even give the Dreamcast a chance. In a sense, their
expectations became a self fulfilling prophecy.

I was gutted when the DC failed. No console before nor since has really
captured my imagination quite as much as the Dreamcast did. But ultimately I
wasn’t surprised either because Sony had already won even before releasing the
PS2. Few people cared about Sega (or Nintendo) at that point.

~~~
larrik
AS I remember it, the _mindshare_ of the PS2 even so long before launch was
immense. Sony's marketing killed the Dreamcast with ridiculous promises that
really didn't pan out. You can't just look back and compare the systems, the
_idea_ of the PS2 killed the DC.

~~~
laumars
I don’t recall Sony marketing the PS2 _that_ heavily compared to the DC (nor
even the Xbox). But memory can be fallible.

The argument I was proposing was that the mindshare was in anticipation of the
PS2 because of how the PS1 vs Saturn war panned out. Gamers can be loyal pack
animals and Sega had already lost their fan base before the DC was even
released thanks to the success of the PS1.

> _Dreamcast with ridiculous promises that really didn 't pan out._

I don’t get your point there. Everything the DC promised to do it delivered
on. Technically speaking it was a success - very much ahead of its time in a
great many ways. It just didn’t sell.

~~~
monocasa
Sony did all sorts of marketing stunts to keep the idea of the PS2 in the
limelight. They spread stories about how Iraq was trying to buy them for their
weapons program because they were so powerful, etc.

[https://www.theregister.co.uk/2000/12/19/iraq_buys_4000_play...](https://www.theregister.co.uk/2000/12/19/iraq_buys_4000_playstation_2s/)

~~~
laumars
I’d completely forgotten about those stories!

------
dsco
Related and _very_ inspiring; how the Sega Saturn CD was cracked after 20
years. Even my very non-technical girlfriend sat through this thing, being
intrigued by the dedication.

[https://www.youtube.com/watch?v=jOyfZex7B3E](https://www.youtube.com/watch?v=jOyfZex7B3E)

~~~
jandrese
Did the Saturn hold out for so long only because nobody cared enough to crack
it? The Saturn was stillborn as far as I can tell. Sega rushed it to market to
try to recapture that early Genesis magic and discovered too late that launch
titles/partners are important.

~~~
batty_alex
Here's what I remember from the history of it all:

The Saturn was Sega's best-selling console outside of Japan. It did terribly
in America, mostly because they screwed-over retailers and developers with a
surprise early release. Some retailers would straight-up not carry it,
American third-party support was pulled, and this all carried forward to the
Dreamcast. Sega of Japan was undermining Sega of America and there's a whole
tragic story behind it. The Sega of America CEO, who helped the Genesis be
successful in the US, quit over this nonsense.

As far as not hacking it, it was so easy to mod the CD drive to play back-ups
(1 wire and a ribbon cable) - there probably wasn't much incentive.

------
AdmiralAsshat
I was heavily into burning DC ROMs back in the day. Its most valuable utility
was making backups of the games we owned, as our first copy of Sonic Adventure
2 became scratched and nearly unreadable after awhile. The backups allowed me
to keep our "critical" games like Soul Calibur, MvC2, and Power Stone 2 (that
one cost a pretty penny) in their cases while we used the backups. It also
allowed a handful of custom soundtrack-editions of games to float around on
the web, like one which changed MvC2's (IMO, awful) soundtrack.

One thing I lament in hindsight was that the CD's we burned were _not_ GD-
ROMs, and so the backups or ROMs we burned often had their assets compressed
in order to fit on the smaller disk.

Further pity is that even 15ish years later, many people in the ROM collection
scene are _still_ relying on those early, compressed CDI rips that were made
over a decade ago. The higher-fidelity GDI dumps are comparatively rare and
hard-to-find, especially with such reliable repositories as Emuparadise
shutting down. If I had the proper equipment, I would probably try to make
proper GDI dumps of my collection.

~~~
busterarm
What!? "I wanna take you for a ride!"

The music is one of the most memorable parts of MvC2. It pretty much sat as
the capstone of a decade of fusion jazz soundtracks that seemed to dominate
Japanese games, fighting games and Capcom games in particular.

~~~
AdmiralAsshat
Context:

Once upon a time I had a stomach virus. The virus left me running to the
bathroom frequently, and at its worst stage left me hunched over in the
bathroom for the better part of an hour. Additionally, the only separation
between the adjacent bedroom and the bathroom was not even a proper door as
much as a stall door--it was very easy to hear whatever was going on in the
next room.

During this time, my younger brother was in the next room playing MvC2 on the
Dreamcast. My brother had this annoying habit of just leaving the system on
and walking away when he went to go do something else, rather than turning off
the system or the TV. So he did as he usually does and walked away after a
match, leaving the game running at the versus menu character selection screen.
And so for the next 40 minutes, I was trapped in the bathroom, too nauseated
to move, and listening to this on repeat:

[https://www.youtube.com/watch?v=KY-
CeeQLCE4](https://www.youtube.com/watch?v=KY-CeeQLCE4)

It was after this incident that I decided to change MvC2's soundtrack.

~~~
busterarm
Fair point. I will say though that leaving this game on Character Select for a
while and that music is pretty much a universal experience for MvC2 owners and
for most of them one of the things they love about the game.

------
amatecha
I just wanted to drop in and point out this author has published a couple
excellent books analyzing the engines behind the popular first-person-shooter
games Wolfenstein 3D[0] and DOOM[1]. Excellent reads if you're interested in
the inner workings of these games (and by extension, others like them)! (Yes,
he links the DOOM one in the article, but wanted to call them out specifically
as being awesome ;))

[0]
[http://fabiensanglard.net/gebbwolf3d/](http://fabiensanglard.net/gebbwolf3d/)
[1] [http://fabiensanglard.net/gebbdoom/](http://fabiensanglard.net/gebbdoom/)

------
gwbas1c
> SEGA engineers knew that MIL-CD booting could be used as an attack vector so
> they added a protection.

> The mashed potatoes problem was solved when a Katana SDK (the official Sega
> SDK for the Dreamcast) was stolen[6] by the hacking team "Utopia" in late
> 1999. It turned out that the scrambler was nothing more than "security
> through obscurity".

I doubt this was security through obscurity. Most likely, it was hard (or
impossible) to burn a GD-ROM for internal testing. Thus, this mechanism was
probably used to burn games onto CDR for internal testing.

I haven't seen anything that explains how scrambling and descrambling work;
but it's important to understand that, at a certain level, all encryption is
"security by obscurity." It just comes down to how easy or hard it is to
figure out how to bypass. In this case, hacking to get ahold of the scrambler
is no different than getting ahold of the private part of a key pair.

Edit:

> SEGA quickly released a DC v2 which disabled MIL-CD altogether but
> unfortunately damage had been done. With revenues plummeting and the PS2
> ogre coming out, developers abandoned the Dreamcast and SEGA retired from
> the hardware manufacturing business in order to focus on software.

I also wonder if disabling this system was "the straw that broke the camel's
back?" If I were a developer and it suddenly became much harder to test, I'd
probably think very critically if it's "worth it" to jump through so many
hoops for such a small market.

~~~
benchaney
> I haven't seen anything that explains how scrambling and descrambling work;
> but it's important to understand that, at a certain level, all encryption is
> "security by obscurity." It just comes down to how easy or hard it is to
> figure out how to bypass. In this case, hacking to get ahold of the
> scrambler is no different than getting ahold of the private part of a key
> pair.

This isn’t true at all. There is a very significant fundamental difference
between obscure information and secret information. Obscure information is by
its nature known to many people. There are likely hundreds (if not thousands)
of engineers who had access to the code or design documents that describe the
scrambler. Information about it was probably given to sales people and
representatives at other companies, and transmitted insecurely over a variety
of communication mediums. Compare that to secret information, which is known
only to the parties using it to authenticate.

Perhaps you could argue that in this case, security by obscurity was not the
reason that the system failed, but that isn’t the same as saying all
encryption isn’t security by obscurity.

------
londons_explore
Did the breaking of the copy protection on the Dreamcast really play a big
part in Sega's downfall?

If so, it would be one of the only cases I know of where IP piracy led to
financial ruin of the content creator.

~~~
jsiepkes
Well the hack had a really low entry barrier. As in; no hardware modifications
needed. You could just download an ISO from the net and you were good to go
with your unmodified Dreamcast.

In contrast the other consoles in that era Xbox, PlayStation, etc. all needed
hardware modifications in order to run copied content.

~~~
Ntrails
But, and maybe I'm mis-remembering, how many people were actually active
netizens at this point in history, able to find the ISO? Thinking back to when
the dreamcast was a big console - I don't feel like it was common enough to
really make a dent in dreamcast owners?

Also, and again only from vague memory, wasn't the dreamcast itself
underselling drastically. If it was game sales that broke the manufacturer
then maybe - but I recall the console itself being a bit of a flop?

~~~
cesarb
> But, and maybe I'm mis-remembering, how many people were actually active
> netizens at this point in history, able to find the ISO?

Does it matter? You only need a few people to download and burn the CDs, and
sell them in stalls or out of a backpack. From what I remember from that era,
physical distribution of warez through burned CDs was very common.

~~~
izacus
This was also the case for PC games and those made healthy profits in that era
too. So blaming piracy seems to be more pushing a certain idea than the actual
cause of Dreamcast issues. Especially since the hardware itself sold poorly -
if piracy would be to blame, you'd see a lot of unit sales and low game sales.
Which did not happen.

------
laurent123456
Interesting that they've invested so much in designing a new unique type of
CD-ROM, even being the only one to manufacture it, and then being caught by a
feature they didn't even need. The obfuscating trick was also kind of lazy
from the dev team who added it.

But I don't think this hacking was the reason for the end of Sega, because
nearly all consoles at that time could be modded to play hacked games. Sega
had been messing up for years before that, with all the useless hardware
(Sega-CD, Sega 32X, and even the Game Gear and Saturn weren't big successes)
they had been releasing after the Megadrive. The Dreamcast was good but just
no good enough to save the company, they basically would have needed a console
that completely dominate the market to recover, and to compete against Sony,
Microsoft and Nintendo.

~~~
ljf
It is easy to say 'didn't even need' \- as this misses the huge draw that
karaoke devices had in Japan and beyond at the time. Plus VCD had a huge draw
across many Asian markets. These could have been the Dreamcast's 'killer app'
in an alternative path.

------
mysterydip
Semi-related, there's a piece of hardware being made (some parts 3D printed
even) called GDEmu that replaces the optical drive components with an SD card
reader, allowing people to play (backups of legally owned games) on their
original hardware without wearing out the drive mechanism.

~~~
SmellyGeekBoy
In my case I got fed up of replacing drive mechanisms after about the third
one so I invested in one of these. It has the side benefits of much faster
loading times and a much quieter console all round, too.

I won't deny that there is also a piracy aspect to it - I have a fairly large
collection of boxed original Dreamcast games but there are a few on my GDEmu
that couldn't be classed as "backups". The unreleased Half-Life beta is well
worth checking out, for example.

------
phusion
I loved doing this on my Dreamcast back in '99\. It was the first console I
ever managed to "mod" \-- even though it's completely a software mod.

At first we had to download loader discs, just a few hundred Kb on a disc,
then pop in the 1:1 burned game. Eventually they managed to put the loader on
the game ISOs and you could just burn a game and pop it in. Plenty of fun,
lots of great games and it primed me to eventually crack open my Xbox for the
007 Nightfire exploit.

------
londons_explore
The fact this was broken by stealing a developer's SDK is disappointing. Real
hackers would have disassembled the machine to reverse engineer it, rather
than using black market/social engineering tricks.

~~~
cdmckay
I think if getting the SDK was enough to crack the copy protection, it
would’ve happened eventually.

The key seemed to be the descrambler.

Why on earth did they scramble the executable in a deterministic way?

~~~
caf
_Why on earth did they scramble the executable in a deterministic way?_

Because they wanted official developers to be able to create MIL-CDs that
would load.

They just didn't want anyone else being able to do that.

~~~
cdmckay
Just seems like inevitably people would figure it out.

------
masto
I remember those days. I was working at a small company, and a coworker and I
had Dreamcasts. He also had small children and felt that the cost of games and
their short attention span was a good excuse for piracy. He downloaded
everything posted to a Usenet group for Dreamcast games and burned two copies.
Every morning I’d come in to a pile of CDs on my desk. I only recently threw
them out, several spindles full of them. Hundreds of games, many I never even
tried playing. It was bizzarre.

------
astrostl
This is easily the easiest piracy situation I've ever seen: if you had an
unmodified Dreamcast, a CD burner, and broadband your only steps were to
pirate DiscJuggler, then the games themselves. I knew many people with
Dreamcasts in this era, who bought them around launch day without even a
thought of pirating, then went on to buy zero (0) additional games because it
was so easy.

The conversation here seems to settle on the idea that piracy wasn't a primary
cause of the system's failure, and I could hardly disagree more from what I
widely observed (local + gigantic internet communities).

------
anjc
I don't think this contributed to the Dreamcast's downfall.

Given the state/speed of CD Writers at the time, quality of CDs, difficulty of
finding ISOs, download speeds, and the temperamental Dreamcast laser, it was
far easier to just buy games imo. It was even easier to chip your Dreamcast to
region unlock it and buy cheap, legitimate Jap/US games, rather than wasting
CD after CD trying to burn them.

~~~
DanBC
There was an active Usenet news group for Dreamcast binaries and that would
have almost all content available.

------
RyanShook
Crazy that the entire OS used by the game was loaded from the disc. Also
interesting that the backdoor needed to make pirate copies viable was built-in
and known from the beginning. Seems like vulnerabilities usually come from the
edge use cases that sound like features but are actually attack vectors.

~~~
LeftTurnSignal
> Also interesting that the backdoor needed to make pirate copies viable was
> built-in and known from the beginning

On assemblerforums, I remember reading a post from someone who claimed to be
from Sega about the DC. He also said they knew from the beginning, but did it
anyway. He said most people knew or had an idea that this would be Sega's last
console, so they didn't put as much time into DRM and such as they would have.

Could never verify that it was a Sega person, but the way they spoke about
stuff led me to believe it was legit.

Back in the early 2000's once it was canned, I always liked to think that it
was put there by someone intentionally who knew the system was going to fail.
This way piracy would keep the system alive longer than any manufacture would.
That piracy part is at least true since some company released a new DC game in
the past year or two.

/I want to believe

------
ngcc_hk
Sad story. Steal. And bring down the shop.

~~~
GaryNumanVevo
Unsure if you have the context. The Dreamcast didn't sell very well at all.
The game they use as an example was released a year after the Dreamcast was
discontinued.

------
syspec
I remember downloading ISOs as rar file collections overnight off of IRC
channels while in high school. I remember the magic of PAR files, being able
to replace any particular file I was missing.

One thing i also remember is how it taught me an upside of actually purchasing
games. I ended up having so many DC games I barely played any, because I
became more interested in simply collecting them.

I would later decide against missing my consoles for that same reason.
Although those Wii mods looked pretty sweet, with their home screen
replacement and launchers

~~~
rtpg
For me by the time I got a Dreamcast games were hard to come by, but I was
still pretty limited by slow download speeds at home / not that many CD-Rs so
I got to experience most of the great games at a fun pace.

I think it’s hard to overestimate how important privacy is for building wide
fanbases. Games are expensive, kids have time but no money.... of course now
that I have a job I can just get stuff off of Amazon and not worry about
patches.

------
baochan
Are there articles out there about how modern copy protection works? I'm
interested in why there aren't Switch flash carts, or why there aren't shady
companies with BD-ROM pressers making bootleg copies of PS4/XB1 discs.

~~~
AgentME
I think the copy protection on the original Xbox, the 360, and probably most
modern consoles worked like this: executables must be signed, executables must
list what types of media they can be run from, the system supports a special
type of disk that CD burners and regular disk pressers can't produce, and all
game executables specify they can only be run from the special type of disk.

With the 360, you can do a firmware hack to the system's disk drive to make it
report every disk is the special type of disk to allow you to play games from
burned disks. There are some known utility/demo disks containing executables
signed to be executable from burned disks, so they can be copied (and have
resources modified if the executable doesn't verify the signatures of
everything it loads).

------
timwaagh
interesting. it seems a minor factor though. dreamcast had good gfx but a
lineup kids did not like (i know, i was one of them).

------
sergiotapia
So piracy literally killed my favorite console. What a shame!

~~~
rasz
It didnt.

