
Sega Saturn CD Cracked after 20 Years - flurpitude
https://www.youtube.com/watch?v=jOyfZex7B3E
======
majke
This is amazing. The video avoids too technical language, and basically
explains the whole process of reverse engineering. I think this is the best
explanation of reverse engineering I've seen in a long time.

~~~
Gracana
Micah Scott's toastermelt videos are another great example of reverse
engineering workflow/techniques. More technical and detailed but still very
accessible.

~~~
ZenoArrow
I tried looking for those videos but haven't found them yet, do you have a
link?

~~~
reitoei
Poster meant 'Coastermelt':
[http://www.misc.name/coastermelt/](http://www.misc.name/coastermelt/)

~~~
Gracana
Whoops, yeah, that makes a lot more sense. Thanks.

------
apecat
Wow. I certainly hope someone with a lot of power over company culture at,
say, Apple is watching this. And that they get inspired to think about
cultural preservation.

I really think it should be a standard act of corporate responsibility and
platform stewardship to make it so that work like that of Professor
Abrasive's, is not the only spare key we have to current culture a few decades
down the road. We as a global culture just might be really, really lost and
bereft of history if that was to be the case.

I frankly think that Apple under Tim Cook is in a historically unique position
of making cultural preservation of games and software feasible and something
built into the whole social and legal contract of proprietary, locked down
platforms. It's not like Sony is going to lead the way with the PlayStation?

I mean, to really make preservation legit, there needs to be some sort of
useful official emulation and data extraction capability down the road. For
all we know now, there might be terrible legislation that prohibits reverse
engineering in a lot of jurisdictions.

There's of course a lot of problems to solve, with all the crypto and stuff, and
licensing, but someone should be on this. Especially since software
distribution is becoming all ephemeral and download based! Not to mention the
cloud fragmentation of personal data.

~~~
shmerl
To fix it, people should stop using DRM. Or as a first step to repeal crooked
corrupted laws which declared breaking DRM illegal even for legitimate
purposes.

[http://www.fixthedmca.org](http://www.fixthedmca.org)

~~~
tremon
As an alternative: we could demand that, for works that are only released to
the public in encrypted form, an unencrypted copy is put in independent escrow
(e.g. Library of Congress) to qualify for copyright protection.

~~~
LeifCarrotson
That's an interesting and compelling idea.

But that database of unencrypted copies would be the ultimate target for
industrial espionage, copyright theft, and hacking. I don't think we can trust
any one organization with that responsibility.

~~~
shmerl
I think it has a more obvious problem. No one will be updating those copies
even if they will be released once. It's simply a mess to manage.

------
shmerl
Amazing work. Also highlights how paranoid DRM proponents often are going to
such lengths to cripple the hardware.

Breaking DRM is like finding a cure for insanity ;)

~~~
quakeguy
"Breaking DRM is like finding a cure for insanity ;)"

Well said.

~~~
lunchTime42
Remember those Arcade Game-Memory manufactured into the battery? You had to
break the battery and (supposedly) cut the power supply to get to them.

Insane.

~~~
shabble
Are you thinking of Suicide Batteries?[1]

IIRC, they're a major hindrance to people who want to legitimately restore old
arcade/pinball machines, rather than just grabbing a cracked rom.

[1]
[http://www.arcadecollecting.com/dead/](http://www.arcadecollecting.com/dead/)

~~~
lunchTime42
Yes, what a wonderful example of corporate paranoia. They are out there- the
enemy, the other tribesman and their psychopaths- out to get me, my fortress,
my product for cheap- but I will show it to them, I shall leave no mark upon
this world, for which I shall be remembered.

Ten layers of tinfoil can capture pirate-bullets.

------
donatj
I can't wait for him to start selling these! I would buy one in a hot minute.
My Saturn is collecting dust and there are so many games I just can't get my
hands on for my Saturn, and emulation in my experience hardly works. It's way
too weird a machine.

~~~
kevin_thibedeau
As an Aussie he's going to be subject to the TPP's DMCA-lite restrictions on
circumvention devices once it's ratified.

~~~
Benjamin_Dobell
I live in Australia and wrote Heimdall[1], an open-source reverse engineered
tool for flashing Samsung phones.

I can assure you, I am _not_ looking forward to the TPP!

[1] [https://github.com/Benjamin-Dobell/Heimdall](https://github.com/Benjamin-Dobell/Heimdall)

~~~
voltagex_
Thanks for Heimdall. Samsung really don't seem to like developers that much,
and Heimdall was a godsend when I had an S3.

~~~
mavendependency
What's wrong with odin? Other than the moral aspects of using leaked software?

~~~
voltagex_
I think Odin was Windows only, there were multiple old versions floating
around and how do you know what you're really running? (as Administrator, too)

------
voltagex_
I'm so so glad he mentions archiving in this video - I don't think enough
thought has been given to the impact of DRM on museum collections in 10-50
years.

~~~
jonhohle
I'm going through this as a relatively new PS Vita owner. Sony decided to go
with proprietary game cartridges, proprietary memory cards, and DRM'd digital
distribution. Despite the quality of the games and hardware, the system didn't
do well commercially and it appears Sony has lost interest in the system and
its sibling PS TV/Vita TV.

There are a lot of great games (including PS1 and PSP games) for the system,
but once the hardware dies or the download servers are shut down, what is left
for people who still want to play these games?

In the back of my mind I've been thinking what digital consumer rights look
like. It seems like this point in history has laws that favor publishers more
than consumers or the public good.

~~~
skoczymroczny
Players overwhelmingly vote with their wallets in favour of DRM. Just wait
until some day Steam servers get shut off, the backlash will be massive.

~~~
zerohm
I don't know any players that are in favor of DRM per se. Players are willing
to accept DRM, IF it is transparent, and even more willing if it enables some
perks.

There was a time when DRM was only visible when it broke your legitimately
purchased game (e.g. SimCity, Diablo 3)

Now at least gamers are getting some decent perks from DRM (e.g. digital
loaning, play anywhere, cross platform licensing) so it's a bit easier to
stomach.

~~~
colejohnson66
> Now at least gamers are getting some decent perks from DRM (e.g. digital
> loaning, play anywhere, cross platform licensing) so it's a bit easier to
> stomach.

That's because people have been vocal about that. If the companies had it
their way, I'm sure the majority would want you to buy a new license for each
platform and system (like how the cheap Windows licenses are - locked to your
system)

~~~
zerohm
Yes, I'm sure companies want to maximize sales, that is their job. And yes,
people were very vocal about shitty DRM (and rightly so).

The old way of doing business was proprietary everything. (See Sony in the 80s
and 90s) I'm just glad manufacturers finally saw that locking things down so
much increased customer anger and frustration more than it increased sales.
Being a child of the 80s, I'm still surprised at stuff like using a generic
USB thumb drive in an Xbox 360 and things of that nature.

------
Unklejoe
Great work.

These crazy reverse engineering projects kind of make me feel insecure about
my own abilities, as weird as it sounds.

I wonder if I would have been able to come up with the same solution if I
worked at it. My fear is that I would not, but who knows.

A lot of it is purely analytical, but there is a portion that relies on pure
creativity and problem solving abilities.

I understand the process he went through as well as the technical details
behind it, but following along is much easier than looking at a circuit board
with a blank face, wondering where to begin.

I spent the last 2 hours last night just reading about Sega Saturn…

~~~
centizen
If it took 20 years for the reverse engineer community to get to this point I
wouldn't sweat it if you don't think you could do it on your own.

------
mmastrac
This appears to be where he actually dumped the ROM a few years back...

[http://assemblergames.com/l/threads/saturn-cd-block-rom-dump...](http://assemblergames.com/l/threads/saturn-cd-block-rom-dumped.52419/)

------
kilroy123
Holy hell what an amazing hack. This guy must have spent hundreds of hours on
this.

~~~
nacs
He mentions at one point that he's been working on it off and on for a few
_years_ so definitely at least 100s if not thousands of hours.

~~~
janvdberg
In this [1] forum post, from yesterday, he says: "I've put thousands of hours
into this project"

[1] [http://assemblergames.com/l/threads/saturn-cd-block-rom-dump...](http://assemblergames.com/l/threads/saturn-cd-block-rom-dumped.52419/page-13#post-891851)

------
pedrocr
He mentions archival as a motivation but can we trust the rest of the hardware
to last more than a few decades? Isn't emulation the real archival solution?

~~~
ekianjo
Yabause already exists but it's not a perfect emulator yet. So right now the
best way to enjoy games as they were is still the original hardware.

~~~
erikj
SSF exists and is much better than Yabause, although it's not open source.

~~~
ekianjo
Non Open Source emulators are dead in the water in terms of archiving. 10
years later if the original author is not around anymore, you won't be able to
rely on it nor improve on it. I wish all emulator writers understood that.

PPSSPP and Dolphin have made great progress BECAUSE they were open.

~~~
oldmanjay
I would imagine a fair few emulator writers don't much care about maintaining
the "backups" fiction, even under the classier name "archiving"

~~~
cmdrfred
Historians in 2200 will be thanking them nonetheless, we lost a lot of early
film, let's not let that happen to this art form.

~~~
rbanffy
And it's not only film. Early television, audio recording, books (in special
in times when copying them was costly)... The list of information we lost is
enormous.

------
donpdonp
Here I thought the title was describing how plastic CD media became brittle
after 20 years. The hack is way more interesting.

------
supernintendo
As a Sega fanboy, this makes me happy. That copy protection scheme (outer ring
spiral) is quite something. I find it amusing that Sega went with yet another
proprietary disc format for the Dreamcast (GD-ROM) and that system is able to
load homebrew code from any CD-R / CD-RW without any modifications to the
hardware.

~~~
lucb1e
> That copy protection scheme (outer ring spiral) is quite something.

Yeah about that, I don't get it. Is there data hidden in that spiral that acts
as a checksum for the CD or something? Or is it of special material that
lights up differently under certain light (like money)?

To me it doesn't look that hard to duplicate a simple spiral, but then I know
nothing about it.

~~~
rasz_pl
original Playstation used similar copy protection trick - ASCII string
SCE(I/E/A) was stored in pregap pre-groove wobble between the leadin and the
first track. PSX used Three-beam pickup and was able to track this wobble and
extract code from radial tracking error signals. Modchips simply injected same
error signal for couple of seconds after closing CD lid, enough for the CD
controller to recognize it as "original".

~~~
voltagex_
Any idea why PS modchips used to kill the drive laser pretty quickly?

~~~
rasz_pl
They didn't. Lasers were poor to begin with, plus weaker media (CD-R) probably
caused extra mechanism movements (focusing)

edit: hmm, now that I think about it, it's possible someone incompetent made
modchip that would keep sending wobble constantly, that could cause tracking
problems and tire mechanism pretty fast.

------
rasz_pl
Same project for original Playstation [http://ps-io.com/features/](http://ps-io.com/features/)
[https://www.youtube.com/watch?v=GbWW1VzeRgI](https://www.youtube.com/watch?v=GbWW1VzeRgI).
Started in ~2010

Playstation also had a trapdoor Parallel I/O port exposing raw address/data
bus, it was meant for network interface, debugging(PSY-Q) and
stuff(ActionReplay/GameShark). Great thing about that port is you can hang
your own ROM there and console will execute it while booting, no code
signing/drm crap.

Afair at the beginning PSIO patched original firmware replacing all CD
routines with its own, but later in the project it was discovered a lot of
games talked straight to the hardware ignoring SONY requirements for using
BIOS routines. This is why current version comes with small board you need to
solder inside to reroute chip select signals from the CD controller chip -
PSIO emulates that chip completely. You still get data faster than CD due to
no seek times.
[https://www.youtube.com/watch?v=Wc3rOb7Evxc](https://www.youtube.com/watch?v=Wc3rOb7Evxc)

Original work from 1999
[http://web.archive.org/web/19990220052039/http://www.geociti...](http://web.archive.org/web/19990220052039/http://www.geocities.com/SiliconValley/Lab/6332/psx.html)

Gamecube has IDE-EXI, same thing [http://www.gc-forever.com/wiki/index.php?title=Ide-exi](http://www.gc-forever.com/wiki/index.php?title=Ide-exi)

~~~
voltagex_
The problem with a lot of the modchips is that the companies behind them are
secretive (leading to loss of knowledge when they close) and they're just so
damn expensive.

------
dmix
TLDR (or TLDW*)?

~~~
slg
Why is this being downvoted? I think it is perfectly reasonable to ask for a
TLDR on a 30 minute video.

Anyway, the basic story is that the Saturn had copy protection in the form of
physical marks on the copy protected CDs. This puts a huge barrier to entry on
homebrew and the like, so a guy going by Dr Abrasive tried to reverse engineer
a way around that. He first looked into a way of disabling the copy protection
on the CDs to allow burned CDs to be used but that proved too difficult.

He eventually hit upon the fact that the Saturn had an external module that
could be added to allow the system to play video CDs. He then built a
component to take advantage of that fact and feed in his own commands through
this interface thereby avoiding the copy protection entirely. This allowed
content to be run from USB sticks without the need for CDs at all, lowering
the barrier to entry even more. It also helps work around mechanical failure of
the CD drive which is becoming a common problem for the 20 year old hardware.

So now if you have this custom built component, you can take an off the shelf
system and start running code from a USB stick without any soldering, hacking,
or modification at all beyond plugging the device into the back of the
console.

~~~
simplemath
the most impressive part, to me, was how thoroughly he reverse engineered what
looks to be a crazy complicated CPU architecture - the Saturn has _four_ of
them.

Also, I love that his original motivation was to use the sound processor for
mixing chiptune, and basically opening up the entire system at metal level is
a happy by product.

ALSO, the fact that he decided that his first working prototype was too hands
on and finding a way to piggyback the video playback expansion card to make
the mod orders of magnitude less complicated to install / execute.

Super impressive stuff

~~~
Neeek
Wasn't it only one of those CPUs though? He mentioned there is a CPU
dedicated to disk operation and that's the one no one had been able to get a
ROM dump of, which in turn enabled all the other stuff? Not trying to downplay
his achievement or anything, I'm new to all this but it's easy to see that
this is some truly amazing work.

~~~
em3rgent0rdr
2 CPUs, 2 GPUs, and there is a separate CPU dedicated to disk operation which
was (almost) completely isolated. His achievement was getting access to that
disk CPU, but that access allows access to the rest of the CPUs.

------
fernandopj
This is by far the best showcase of an assembly code I've ever seen. Kudos for
the editor.

~~~
speps
It seems to be IDA, not sure what you meant by "the editor".

~~~
Keyframe
It's definitely IDA Pro. If anyone is considering how difficult this is, let
me offer you my experience. It is incredibly hard and requires utmost
persistence. I tried to refresh (learn more about) my knowledge of x86/x86-64
asm and decided to give a go on modifying a binary that was not produced by
me. It seems to be a common exercise, so I thought - how difficult can this be?
Right? You follow code procedures, take note of jumps, there's even a handy
visual graph of the things, take another application that can offer you to see
function names and break calls... Suddenly, you're in this loop where you take
notes on paper (yes), you seem to understand a part, move to the next and then
you realise you didn't actually understand the part before and go back, and
then you get tangled in variables and registers..

It takes a special set of skills and a mindset to do this. I recommend
everyone to try that once. Just take a foreign binary, any which you know the
application of, and try to modify it. Then, after you give up, take a note
this was done on an unknown binary with (almost) unknown functionality. TBH,
he did say he looked up a table of known functions on a wiki somewhere, but
still...

------
tsao
One of the YT comments is about how he is not releasing the "ROM dump". Any
idea of why he isn't doing this?

~~~
voltagex_
From jhl in the forum thread:

> I, myself, am not going to release these ROMs. This isn't the first project
> where I've dumped a commercial object for some other purpose and been asked to
> share (see: shairport, for one), and after much thought I conclude - now, as
> then - that it's not the right thing for me to do in any project. There are
> legal and professional risks which I'm just not comfortable taking. That's not
> negotiable.

> But that's not to say I won't help you dump it yourself. I'll have a dump
> feature in the cart, and I'm sure someone will rapidly archive all the
> available systems.

~~~
Someone
I'm not a lawyer, but I don't see how _"I didn't steal anything; I just broke
open the safe and told others how to get the money"_ would get you off the
hook.

~~~
TheDong
Well, it's a good thing you're not a lawyer then!

By analogy, if the original comment had been "I will not give you a copy of
the copyrighted harry potter book, but I can teach you how to use a scanner if
you'd like, and I'm sure someone else will scan it" would you say that
teaching someone to use a scanner is illegal?

It's actually typically legal to make a backup of a copyrighted item you own
for personal use if the original is damaged.

He's teaching people to do something that's typically legal, avoiding
infringing copyright by redistributing himself, and commenting that it's quite
likely others won't be so scrupulous; I don't see how anyone could reasonably
fault him.

~~~
Someone
A scanner doesn't target a single (intellectual) property. This feature of
this hack, on the other hand, would have only one use: dumping the ROM of a
Sega Saturn.

I hadn't thought of the 'for personal use' defense, though.

------
city41
Not to discount this as it's very impressive work. But replacing CD drives
with SD/hard drive based solutions is becoming pretty common. For the
Dreamcast there is the GDEmu[0], and the Saturn already has the Rhea and
Phoebe[1] (basically the same thing, each is for slightly different models of
Saturns).

The Playstation also has one, the ps-io[2]. I'm really hoping for someone to
step up and do the PC Engine, Neo Geo CD, Sega CD and 3DO.

[0][https://gdemu.wordpress.com/about/](https://gdemu.wordpress.com/about/)

[1][https://gdemu.wordpress.com/installation/rhea-installation/](https://gdemu.wordpress.com/installation/rhea-installation/)

[2][http://ps-io.com/](http://ps-io.com/)

~~~
HemanHeartYou
>pc engine

You might be interested in the turbo everdrive from
[http://krikzz.com/](http://krikzz.com/)

------
tomphoolery
I'm glad someone else out there digs the Sega Saturn because I always felt
left out being into Sega games while the rest of my friends were Nintendo kids
all the way.

------
Bromskloss
Does Sega gain anything from not just releasing all the information?

~~~
grawlinson
There's zero benefit in doing anything like this.

Not to mention that all the relevant information may not exist anymore, or is
in a storage facility somewhere growing mold.

~~~
Bromskloss
> There's zero benefit in doing anything like this.

I don't know. Winning people's hearts? For the fun of it?

~~~
grawlinson
>I don't know. Winning people's hearts? For the fun of it?

That's true, but as long as they can still make money from their IP they won't
(i.e. repackaging old source + game(s) into a VM for sale on Steam or next-gen
consoles)

Some of the source code/etc may be licensed from a third party, which means
that releasing it is treading through a legal minefield.

~~~
TeMPOraL
In cases like these I'm thankful for pirates. When an interesting project is
about to die because all the stakeholders lost interest and there's too much
legal mess to deal with to give it away, it's good if there's someone that
steps in, ignores that legal mess altogether and simply dumps the product
on-line.

------
83457
If only the Dreamcast protection had been that good. Was really disappointed
when it died :(

~~~
Grazester
You certainly didn't know the history of Sega or the Dreamcast if you think it
died because of piracy. ...with that thinking then the Saturn would have been an
ultra success.

~~~
PostOnce
I knew a lot of people who owned a Dreamcast and no games.

No modchip required, no soldering, broadband penetration on the rise,
filesharing was now a thing.

I completely understand the Saturn's botched launch and limited number of
retail outlets, but the Dreamcast had the best launch of all time up to that
point and broke sales records.

I'm not convinced piracy is not in fact the cause of the Dreamcast's demise.

I really did love the Dreamcast, built in modem and the second-screen VMU.

If you don't think piracy killed it, what do you think killed it? The PS2?

~~~
toast0
No EA Games, when Madden was huge; no DVD player, and the PS2 hype cycle was
perfectly timed and had an even better launch. Wikipedia sales numbers for the
PS2 and Dreamcast say the PS2 sold 10.6M by March 31, 2001, whereas the
Dreamcast was dead by then and only sold 9.13M. Sega also had troubled
finances as a result of the Saturn.

~~~
PostOnce
the 2K Sports series negated the need for EA and sold so well that EA sought
out an exclusivity contract with the NFL so that 2K would be killed?

The DVD drive after the ps2 was released probably would be a huge factor
though, if the dreamcast wasn't in fact already dead which it was.

I'm sure some business school guys have written papers on this, I should find
them. Would be interesting to read all the opinions on Sega's near death and
exiting the hardware business.

~~~
83457
I actually preferred the 2k football games so EA getting exclusivity there was
annoying.

------
orblivion
How is the Saturn's protection so much more effective than more modern
systems?

~~~
tlrobinson
I'm guessing it was state of the art at the time it was released, but wouldn't
hold up nearly as well in a mass market console these days.

~~~
orblivion
Then why did it take 20 years?

~~~
ygra
It's not a mass-market console anymore with little interest or incentive to
break it.

------
MrTortoise
haha awesome

I applaud crazy fuckers like you. The world needs more of you.

Well done sir.

------
peterwwillis
I was just thinking about the Saturn at a nerd memorabilia store, as this was
the one system I saved my money up to buy at 11 years old. What an utter
disappointment of a system (in terms of games), but what a great hack. Makes
Dreamcast hacking look like Lego Logo.

~~~
Grazester
The Saturn had great games what are you talking about? Maybe it didn't have all
those games your schoolmate was playing on his Playstation but does take away
from some of the great games it did have

------
bluesign
I am not good with electronics tbh but why it is not possible to mitm the
connection between CD drive and motherboard? As far as I see from 'swap disk'
technique outer protection track is not changing depending on game

~~~
DigitalJack
you can, but the drives are starting to fail now.

~~~
bluesign
I meant mitm on CD rom side, as the protection track unique, could be simpler
approach (which later you can remove optic drive with SD or usb)

------
tlrobinson
Possibly stupid question: why didn't some enterprising person figure out how
to produce CD-Rs with the copy protection wobble track? Is the market too
small vs the cost of required equipment? Would it have been illegal?

~~~
mech4bg
I found this when looking for more info on the "wobble":
[http://assemblergames.com/l/threads/saturn-copy-protection-a...](http://assemblergames.com/l/threads/saturn-copy-protection-and-cdrs-the-conclusive-end.50295/)

"I hope this lays the matter to rest, and prevents anyone from wasting more
time on it (like my day burning useless discs). I'm sure someone will wave
their hands around and say that custom burner firmware could do the job, but
good luck finding a burner with a programmable DSP in the pregroove tracking
loop and managing to modify it to do the job."

------
hyperion2010
Echoing what others have said, I never knew about just how amazing the
engineering on the Saturn was in terms of incredibly tight timing.

~~~
Bromskloss
Was that a good thing?

~~~
em3rgent0rdr
Arguably it can be better than blocking threads, which can waste precious time
for synchronization. But if you design your code with precise timings, you can
ensure that the different processors will complete their work and communicate
their data at a precise time, thus saving code and time.

Harder to program of course.

------
rsync
It may interest folks to know that all Sega Saturn games have their audio
encoded as plain old CD audio tracks. You can put your Sega Saturn disc into
any old CD player and play all of the music tracks.

You can also rip a Sega Saturn CD in your computer. I particularly enjoy the
music from Sega Rally Championship and Virtua Fighter 2.

~~~
bydo
Many, but certainly not all. Redbook audio (along with tons of grainy low
resolution FMV) was more common in the earlier days of the CD-ROM, when
creators were trying to justify the format, but hadn't figured out more
interesting ways to make use of the space.

------
jryan49
Anyone know what program he is using to view the dumps?

~~~
machinagod
IDA Pro.

------
SonicSoul
wow! THIS is what hacking looks like. these days the term seems to have been
muddled and interchanged with "programming". True art of reverse engineering
something you don't have a full manual for (and can't ask StackOverflow).

------
Ocerge
What a legend. This video is absolutely inspiring.

------
zouhair
Only 20 years to go and Denuvo is done for.

~~~
voltagex_
[http://www.pcgamesn.com/rise-of-the-tomb-raider/denuvo-drm-c...](http://www.pcgamesn.com/rise-of-the-tomb-raider/denuvo-drm-crack-torrent)

These days my interest in game cracking is mainly for archival purposes. (are
you going to be able to play this game in 50 years?)

~~~
zouhair
I follow /r/crackstatus but it is far from being really done. This said I
think all things equal piracy is a good thing for the gaming industry and
without it I would not have been a gamer who now have more than 300 games in
Steam and many more in GoG and Blizzard games too. Back in the day I wasn't
rich and even if I had money I couldn't buy games because I had no access to
them living in a third World Country, but piracy made me a gamer.

------
lmz
All that effort from Sega but I remember modchips being available to run
pirated Saturn games when I had it.

------
DeepYogurt
Awesome video. Thanks for sharing.

------
Halienja
So the system "just works" without the game disc. Mind blowing!!

