HN Theater @HNTheaterMonth

The best talks and videos of Hacker News.

Hacker News Comments on
Sega Saturn CD - Cracked after 20 years

debuglive · Youtube · 1280 HN points · 5 HN comments
HN Theater has aggregated all Hacker News stories and comments that mention debuglive's video "Sega Saturn CD - Cracked after 20 years".
Youtube Summary
Update Feb 2017 - you can now support this amazing guy via patreon:

A detailed look into Dr Abrasive's lab and what it took to engineer a plug-in-flash-card for the Sega Saturn.

Update: Dr Abrasive now has a twitter! Discussion is now over at

FYI: This is not a commercial product. It also is still being tweaked.
FYI: The sound patch designer tool shown is in early early days!
HN Theater Rankings
  • Ranked #14 this month (jun/jul) · view
  • Ranked #11 all time · view

Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this video.
Jun 14, 2022 · 133 points, 39 comments · submitted by swills
Saturn has several options for playing backups:

Pseudo Saturn Kai: a firmware for the pro action replay cartridge that will boot non-official discs. Affordable and no modding required.

Phantom mod chip: like a classic playstation mod chip, but it plugs into the ribbon cable between the optical drive and the main system board. It needs one wire other than the ribbon cable, to provide 5V power.

Satiator: As shown in this youtube video, plugs into the VCD port on the back of the system and runs backups with no modding required.

Optical drive emulators: TerraOnion MODE, Fenrir, Rhea & Phoebe, these all replace the CD drive in the stock console.

Great overview, one correction:

Satiator doesn't play backup discs. It plays your games directly from an SD card.

I've always been interested in electronics and programming, and I've always struggled to write excellent code. This guy, on the other hand, makes it look easy.
Ive seen this video pop up again and again over the last 5 years. I have 1 question: when/where can I buy one!
Interesting. He went back to SD card from USB storage.
Thanks very much!
This has got to have been one of the weirdest game systems ever. Even the games were weird. Innovative and the graphics were mind blowing for its day but.....Knights? What an odd but unique game.
Disappointing that he didn’t elaborate on how the rom was dumped.

Also please check out the discussion on mil-cds here

Edit: found the scrambler algo for milcd if anybody is curious (google was useless thank heavens for kagi)

I brought Saturn CD to a 1995 New Years party as a teenager and was so cool that day. I only ever had Virtua Fighter though and that was the last gaming console or game I ever bought. I just remember it being a massive waste of money for me. $399 in 1995 dollars, about $690 adjusted for inflation with a CPI calculator.
As complementary info, the copy protection of the Sega Saturn was cracked already in the second half of the 90s. I had a "modchip" in my Saturn already in the late 90s, and more or less every game title was readily available as a PAL/NTSC region-unlocked ISO dump to be burnt on a blank CD-R.

The effort in this video is about deconstructing the CD drive's protocol and link-layer, to allow for disc emulation with flash memory storage.

It was also possible to copy games using a cd burner and boot them without any mod chip.

During the boot process the Saturn would check the drive for an authentic disc. Once the check passed, the drive paused and prepared to boot the game.

At this point of pause you could swap the authentic disc to a completely different pirated game (one burned onto a normal CD-R that would fail the first boot check).. Timing the swap correctly, the Saturn would play the pirated game.

There are also ways of bypassing the protection using the memory cartridge port. Cartridges with Pseudo Saturn Kai pre-installed are readily available these days.
What prevents current generation consoles from loading a game that was copied exactly from the original disc to another Blu-ray?
Do you have a Blu-ray mastering and pressing operation? In that case, not that much.

Do you just have a Blu-Ray optical burner? Burned discs are typically simple to distinguish from pressed discs, so you can't make an exact copy.

Some early CD systems were made before CD-Rs were common (or maybe even contemplated) and didn't have mechanisms to check media type, but modern consoles know about these things.

Simply the fact that it's actually very hard to make an exact copy of the disc. You can make an exact copy of the files, but there are layers underneath the file level that are harder to duplicate correctly, and the copy protection uses idiosyncrasies in that to work out if the media is original.
Why can't you also make a copy at the block level?
BR is one part key exchange, one part manufacturing, one part firmware lockouts using that key. So if you mod a drive you probably could get raw data from the disc. The problem is getting that back out to a disc correctly that another unmoded player would like it. There are projects out there that are reading data right off the read head. But they are more focused on laserdisc items.
A simpler explanation than some of the below: imagine a damaged CD (or floppy) where one of the “blocks” returned inconsistent data.

    for x = 1 to 10:
         total += (read $DAMAGED_BLOCK) mod 2
    assert total > 2 and total < 8
Basically you’d need extra metadata to go along with your block-copy and a custom driver to know which blocks should return inconsistent data.

Plain English explanation of the above code would be read a sector multiple times, make sure it is never always just even or just odd, but instead varies.

Usually perfection in digital media is what you strive for, but strategically introducing imperfections has a long history in authenticating “genuine” products.

So think of a block on a CD as some amount of data (like 512 bytes), and some amount of error correction bytes. When the CD is copied those blocks aren't copied exactly, but the data is read, corrected and the block is written with the corrected data and error correction data. Most formats don't record bad blocks, nor do consumer writes write invalid blocks.

One of the original methods used as copy protection used a special industrial writer write a invalid block, data was ok but the error correction would say it's something different, and check because the consumer hardware wouldn't read or write these blocks.

Yes, that's one of the ways. The block size on a CD is 2kB plus error correction, by the way.
> Why can't you also make a copy at the block level?

I don't know about CDs / BluRays but similar to what user jaywalk answered: back in the floppy disks days some copy-protection relied on physical differences created on purpose on the original game. It could be something as "simple" as damaging a track on purpose, by punching a hole in it. Then the game would try to read the data, any data, from that track. And the read command had to fail. A dumb block level copy wouldn't work: it could of course not physically punch a hole in a floppy disk.

So pirate groups would crack the game and ship a version of the game without the copy protection and these could be copied at will.

Protection is at the physical level. I mean, it was for the CDs, but you can easily imagine stuff that you can press onto the disc that your burner can't do.

Part of the copy protection includes physical features of the disc that must be pressed into it when it's produced, meaning a BluRay writer has no way of replicating it.
This is usually what they add, though the Nintendo Gamecube used a DVD-similar format at a different size to make it harder to copy. They also ran at CAV (constant angular velocity) instead of constant linear velocity (CLV) which lead to the rumor that they "spin backwards".
My understanding is that the PS1 copy protection encoded the first pits and peaks in a way that a normal CD drive’s error correction logic would tolerate, but in such a way that the special firmware on the PS1 could detect the profile of the “errors” and ensure they matched expectations.

Consumer CD Burners didn’t have firmware (or maybe even the physical capability) to reproduce these “errors”.

Imagine a vinyl record where the start of the track has a groove that isn’t perfectly tracing the perimeter, but is actually a low amplitude sine wave of a certain frequency, waving in to the center and out to the perimeter. Any record player could trace the groove correctly, despite the fact that there is a low amplitude sine wave, and you’d hear the audio correctly (error correction). But a special record player could even detect the sine wave and reject records that don’t have it. I’m hand-waving away the fact that you’d get a little bit of wow and flutter from the sine wave, but you get the idea.

Excellent analogy. You could, if you had a full CD pressing & mastering plant, copy those discs with "wobble groove" and all. But it's a clever clever side channel.,w...
Awesome, I learned a lot in this thread. Thank you (plural) for the answers and your time to reply to my question!

Afaik Wobble is pre molded in polycarbonate layer and cant be altered by CD Writer no matter the firmware.

Reminds me of the BleemCast CD's - with the right one you could play PS1 games on a dreamcast! And it nicely upscaled the resolution and everything. Such an odd product
Even though emulators were a thing and we had seen copying devices for the most obscure consoles come out of China bleem was something else. Such a mad idea and they actually made a business case out of it.
Right, the Saturn just like early versions of the PS1 had an opening for the famous "swap trick". I never used it myself other than on the PS1.
Ha yes I remember this. There was a physical mod that allowed the disk door to be opened without the ps1 noticing so you could switch disks after the verification
Purchasing Verbatim purple bottom CDR blanks to copy original PSX games was my introduction to piracy. I was quite young. Those first gen Playstations with the port in the back were amazing easy to mod with the action replay or just the swap trick.

I also jumped on the XBMC and Xecutor modchip for the original Xbox when that came out. Another mind blowing time in computer gaming.

IIRC you could do something similar with Action Replay, you would load into the Action Replay UI, swap out the disc and then boot into a pirated game
If you had the action replay cart, you could just leave it in and it would bypass the check altogether. I played burnt discs aplenty on my Saturn.
Simply not true. I own several Saturns and action replays since the 90's.

The Pseudo Saturn Action reply hack to circumvent disc checks was only within recent years released.

Weird. I definitely had a bog-standard Action Replay and most certainly played burnt discs. Perhaps my console was hardmodded, without my knowledge.

(Also, someone had downvoted you, which I disagree with completely. If I'm wrong, I'm wrong. So, here's an upvote to balance it out.)

ps2 slim also had the disc swap trick
I love hearing these stories too!

Here's a video of someone finally cracking into the Sega Saturn well after the console was current commodity:

He eventually released a commercial product, the Satiator, and I'm happy to say that it works great and is very well supported by the creator himself and the community!

For those unfamiliar, the Satiator is an adapter of sorts that lets you load Saturn ISOs onto an SD card and play them via the Saturn's MPEG adapter slot.

Unlike many solutions on various consoles that bypass the optical drive, no hardware modifications are required. Your Saturn stays intact; it's truly plug-and-play.

This sort of thing is important. Consoles (specifically moving parts, like the optical drives) and physical media from the 90s are failing. Surviving consoles and games can be quite expensive; even thousands of dollars. Emulation is imperfect and introduces lag. Satiator and other flashcarts let us play these games on original hardware and bypass these issues.

Not game related, but this is what I like about the MagicLantern hack for Canon cameras. It's just some data on your card that gets loaded at boot. If you use a card without the data on it, the camera boots/peforms as a regular stock camera. No hacking of the software on the camera itself.
I've always been curious how MagicLantern achieves this.

Wouldn't the original firmware need code to boot from SD? Maybe it automatically checks for new firmware on the card and then gets exploited from there? Does anyone know?

I always imagined it like a BIOS setting allowing you to choose boot device order. The camera looks to see if something is available on the card first, if not then it just boots to camera. It's been so long since I've set up my camera to use ML, but I know I had to upgrade the firmware to a compatible version. Then IIRC, you load the ML data on the card and tell the camera to upgrade firmware again. So it maybe something that it thinks it is a firmware upgrade but just hijacks that process to boot a full thing instead. ???
Sep 02, 2020 · 7 points, 0 comments · submitted by vinnyglennon
Related and _very_ inspiring; how the Sega Saturn CD was cracked after 20 years. Even my very non-technical girlfriend sat through this thing, being intrigued by the dedication.

Its a great story, told in a video with high production value, too bad its "innacurate". Saturn was cracked 20 years ago, you could mod it easily and play copied games. There also did exist complete CD emulators before
I love this video, i've watched it more than once!
Did the Saturn hold out for so long only because nobody cared enough to crack it? The Saturn was stillborn as far as I can tell. Sega rushed it to market to try to recapture that early Genesis magic and discovered too late that launch titles/partners are important.
Here's what I remember from the history of it all:

The Saturn was Sega's best-selling console outside of Japan. It did terribly in America, mostly because they screwed-over retailers and developers with a surprise early release. Some retailers would straight-up not carry it, American third-party support was pulled, and this all carried forward to the Dreamcast. Sega of Japan was undermining Sega of America and there's a whole tragic story behind it. The Sega of America CEO, who helped the Genesis be successful in the US, quit over this nonsense.

As far as not hacking it, it was so easy to mod the CD drive to play back-ups (1 wire and a ribbon cable) - there probably wasn't much incentive.

For anyone who likes this video, you should also checkout Sega Saturn CD - Cracked After 20 Years[0].

[0] -

Jul 11, 2016 · 1126 points, 223 comments · submitted by flurpitude
Wow. I certainly hope someone with a lot of power over company culture at, say, Apple is watching this. And that they get inspired to think about cultural preservation.

I really think it should be a standard act of corporate responsibility and platform stewardship to make it so that work like that of Professor Abrasive's, is not the only spare key we have to current culture a few decades down the road. We as a global culture just might be really, really lost and bereft of history if that was to be the case.

I frankly think that Apple under Tim Cook is in a historically unique position of making cultural preservation of games and software feasible and something built into the whole social and legal contract of proprietary, locked down platforms. It's not like Sony is going to lead the way with the PlayStation?

I mean, to really make preservation legit, there needs to be some sort of useful official emulation and data extraction capability down the road. For all we know now, there might be terrible legislation that prohibits reverse engineering in a lot of jurisdictions.

There's of course a lot problems to solve, with all the crypto and stuff, and licensing, but someone should be on this. Especially since software distribution is becoming all ephemeral and download based! Not to mention the cloud fragmentation of personal data.

Yes, there will be a day when nobody is using iPhones anymore. Hopefully our ancestor will still be able to run some of the apps in the future. Social media apps are off course thin clients.
One of the nice things about Apple's review / publish system is that it encourages multiple parties to keep release binaries around. Both parties will need them in case there's ever an allegation of malicious or dangerous code.

Also app-specific DRM is unnecessary AFAIK, so that will avoid common problems.

To fix it, people should stop using DRM. Or as a first step to repeal crooked corrupted laws which declared breaking DRM illegal even for legitimate purposes.

Yeah, well, I agree that people should stop using DRM, but it's not like it seems to be happening. And from a business point of view, it can be really hard to make that case.

Anyway, the world looks really bleak for open platforms right now.

The main example is Android. If you have like one toe dipped into a role related to infosec at the moment, you can't serioulsy recommend that people you work with or care for even touch mainstream Android phones. Because the patching situation is such a dumpster fire.

Even Google's Nexus crap that is getting patched, seems to be set on a 2 year lifecycle, with 2014 phones getting end of lifed a few months from now. Pretty weak sauce if Google's intention is to set any kind of example for vendor security support on Android.

My sister runs my first iPhone, a 2012 iPhone 5, fully patched. It's going to be supported for another year or two, probably.


I don't particularly want it to be this way, but I have to almost force people I care about to buy iPhones. It feels bad, especially in cases when they'd have better use for their money.

So with Apple, specifically, they're really good at the closed platform game and I don't see them getting out of that, especially if they're getting more into things like payment services or automotive. Their crypto stance really implies that they want institutional-level trust from their customers.


Game consoles are unlikely to quit DRM too: the only thing that'd make them stop with DRM per se is probably to make all games just streamed from the, uh, cloud. Doable... maybe soonish but that'd rule out a lot of people and use cases where the connectivity just isn't there.

That's kind of why I suggested my half-baked idea to pressure, force and shame closed platform vendors into proper legacy support as part of the "social contract". Or whatever. Not that certain "social contracts", like the ones Western countries have with banks are working out all that great at the moment.


But as I said, this idea of mine is half baked. Someone like Apple is only part of the puzzle, since apps and games increasingly rely on server backends to work properly. It's not like Apple could save the gaming world's cultural heritage in 2030 just by offering a binary blob that runs all iPhone apps from 2010.

> And from a business point of view, it can be really hard to make that case.

Not really. DRM usage has nothing to do with (honest) business cases. They are all crooked or Lysenkoist in nature (i.e. based on completely wrong / ignorant reasoning).

Also, I think you are mixing up DRM with security. DRM is the opposite of it. DRM can employ encryption, but its purpose is not to secure your system, but to police you, and because of that it actually compromises your security.

> apps and games increasingly rely on server backends to work properly.

Many multiplayer games surely do. That's why it's good then the server is open source. This way it indeed can be preserved. Otherwise, it will be lost as soon as the servers will go bust. Another option is to provide the server component with the game, to allow running it as server instance. Lot's of older games did that, allowing running LAN / WAN multiplayer without using dedicated servers. It's less common these days. Either developers cut corners with implementing it, or server components got too heavy, not sure.

Making single-player games rely on some remote services as a hard requirement is a very poor taste. Same if they have multiplayer component. It should be optional and single-player part should function without it.

> DRM usage has nothing to do with (honest) business cases. They are all crooked or Lysenkoist in nature (i.e. based on completely wrong / ignorant reasoning).

Can you explain this? The argument and terminology are unfamiliar to me. Wikipedia says:

> Lysenkoism is also used metaphorically to describe the manipulation or distortion of the scientific process as a way to reach a predetermined conclusion as dictated by an ideological bias, often related to social or political objectives.

The goal of DRM is, ostensibly, to be paid for the hard work of creating something that is easy to duplicate after being created. That's a reasonable goal, but really hard to do when the software is executing on a machine in the control of the user. Requiring a remote server is a logical way to accomplish that goal, with unfortunate side effects when that server is inaccessible.

What part of this logic is crooked or Lysenkoism?

Cory Doctorow was the one who compared DRM usage to Lysenkoism. See his explanation here:

In short, it means that logic of DRM usage is completely invalid and based on false premises (when someone tries to justify it using reasons like increasing sales for example and such).

There can be other possible reasons for DRM usage, which aren't Lyseknoist, but simply crooked. I.e. for instance, covering up incompetence, competition exclusion, standards poisoning, undemocratic policy making and so on. Those are done to achieve dirty goals, and they are harder to counteract than ignorance.

> false premises (when someone tries to justify it using reasons like increasing sales for example and such).

How is it a false premise? For the sake of argument, lets say we have a "perfect" DRM method.

Then do you believe that - for e.g. all the people who're pirating Windows - would switch to a competing product because they were not going to buy it in the first place? IMHO That would be a completely erroneous position. Maybe _some_ might, but there is no evidence that everyone would. Which is the crux of the problem. If DRM didn't increase sales then I don't think you could make the argument that every single publisher who uses DRM is doing it for reasons other than sales.

> How is it a false premise?

Because DRM is decreasing sales, not increasing them.

> lets say we have a "perfect" DRM method.

There is no perfect DRM. But let's say there is very hard to break DRM. That means very abusive, extremely privacy invasive policing method. It would fall even more into the crooked territory.

> If DRM didn't increase sales then I don't think you could make the argument that every single publisher who uses DRM is doing it for reasons other than sales.

Why not? I could make an argument that some do it out of ignorance, and the rest (of DRM users) are crooks. That's exactly what I'm saying. I.e. those who aren't dumb are using it for crooked reasons which have nothing to do with preventing piracy (I listed such common reasons above). And the rest (who use it indeed for sales sake) are digital Lysenkoists.

>Because DRM is decreasing sales, not increasing them.

Based on what?

> Based on what?

Based on crippling the product for those who pay for it. I.e. there will be those who will simply skip it because of DRM altogether.

In addition, some skilled pirates will remove DRM and provide that product without crippling for everyone else, and there will be those who otherwise could buy it, if it would have been DRM-free, but because it's DRMed they will pirate it instead.

The bottom line - DRM means lost sales.

So the answer to my question, as best as I can understand, seems to be "Based on my opinion". Is that correct?
No, that's not correct. It's based on research how DRM reduces sales. An opinion on the other hand is the idea that crippling products increases sales. That's exactly what was called digital Lysenkoism.
As an alternative: we could demand that, for works that are only released to the public in encrypted form, an unencrypted copy is put in independent escrow (e.g. Library of Congress) to qualify for copyright protection.
That's an interesting and compelling idea.

But that database of unencrypted copies would be the ultimate target for industrial espionage, copyright theft, and hacking. I don't think we can trust any one organization with that responsibility.

I think it has a more obvious problem. No one will be updating those copies even if they will be released once. It's simply a mess to manage.
Amazing work. Also highlights how paranoid DRM proponents often are going to such lengths to cripple the hardware.

Breaking DRM is like finding a cure for insanity ;)

It's also insanely illegal. I'm surprised SEGA haven't shut the whole thing down by now.
"Breaking DRM is like finding a cure for insanity ;)"

Well said.

Remeber those Arcade Game-Memory manufactured into the battery? You had to break the battery and (suppossedly) cut the powersupply to get to them.


Are you thinking of Suicide Batteries?[1]

IIRC, tehy're a major hindrance to people who want to legitimately restore old arcade/pinball machines, rather than just grabbing a cracked rom.


Yes, what a wonderfull example of corpoorate paranoia. They are out there- the enemy, the other tribesman and there psychopaths- out to get me, my fortress, my product for cheap- but i will show it to them, i shall leave no mark upon this world, for which i shall be remembered.

Ten layers of tinfoil can capture pirate-bullets.

I can't wait for him to start selling these! I would buy one in a hot minute. My Saturn is collecting dust and there are so many games I just can't get my hands on for my Saturn, and emulation in my experience hardly works. It's way too weird a machine.
As an Aussie he's going to be subject to the TPPs DMCA-lite restrictions on circumvention devices once it's ratified.
Sad, really, given that the courts here have already ruled that circumvention is your right on equipment that you own.
Australia has some of the best reverse engineering laws currently. Those four kids reverse the Sydney train system legally (they did responsibly disclose n such).
?? link please?
Is this retroactive though ? Does it apply to everything that was created before?
Continued publication could be construed as an ongoing matter. IANAL.
I live in Australia and wrote Heimdall[1], an open-source reverse engineered tool for flashing Samsung phones.

I can assure you, I am not looking forward to the TPP!


Heimdall has saved my S3 & Note2 quite a few times! Thank you!
Thanks for Heimdall. Samsung really don't seem to like developers that much, and Heimdall was a godsend when I had an S3.
What's wrong with odin? Other than the moral aspects of using leaked software?
I think Odin was Windows only, there were multiple old versions floating around and how do you know what you're really running? (as Administrator, too)
There is already an SD card drive for the Saturn.

To achieve this did not require fully reverse engineering the cdrom controller but it is great someone did though.

Indeed! There are mod chips, etc. He ended up aiming for something that didn't require ripping it open and soldering.
The Rhea/Phoebe require no soldering. Just pop out the CD drive, pop in the Rhea. Very simple.
Looking at the installation instructions, the Rhea claims to require some soldering. The Phoebe doesn't, but still requires disassembling the system. They also each only work on specific versions of the hardware (20- vs 21-pin), and which version a specific Saturn is may not be obvious without disassembly.

The nice thing about this new solution, even ignoring that it furthers public understanding of the hardware, is that it's a simple module that plugs into a slot already available and accessible on every Saturn ever sold by SEGA (presumably it won't work on the Hi-Saturn units made by Hitachi, as they had the MPEG hardware integrated, though they are also very rare and very expensive).

The Rhea doesn't actually require soldering as Dominik will do the soldering first before shipping. For sure having to know 20 versus 21 pin is a pain. But the Rhea/Phoebe have a huge advantage of being here now and known to be very reliable (they work flawlessly). Not discounting this new approach, it seems very promising, but just pointing out there's already a solution available today for those who didn't realize.
I think you're mistaken: what you've linked is a Dreamcast project. OP's youtube link is for the Sega Saturn (the console before the Dreamcast).
GDEMU is for the Dreamcast, but the same person/group also produced Phoebe and Rhea which are similar products for the Saturn. Those don't have a separate home page, but most of the menu entries at the top of the page have separate Phoebe and Rhea options.
You can already buy the Saturn Rhea. It is pretty much the same thing except SD based and it replaces the CD drive. I have one and absolutely love it. It's honestly the best retro gaming purchase I have made in a very long time.
Does the Rhea have write support too?
I doubt it. As I understand it, it emulates the CD-ROM hardware and doesn't even touch the drive controller chip.
Exactly. So yeah, the Rhea is a slightly different product. But for most people, being able to write is not important.
I think that's both why they were so expensive back in the day AND why it was so hard to develop on (all I have -ever- heard about developing games for that platform).
To be fair most devs at the time completely ignored the second CPU because it was apparently very hard to make them work together. So they treated it as a single CPU console. Which kinds of defeats the purpose :)
Going by the Wikipedia description of it, they had multiplexed RAM access. So developers could choose between having two CPUs at half the RAM speed (4KiB CPU-local cache are enough to make up for it, right?) or a single CPU at full RAM speed.
Does anyone know how you go from a PCB to a product? I've made PCBs before, but I wouldn't know where to begin to make it into a product that I can sell to people...
Well, if you want to sell it legally, testing and validation with the relevant government departments. If not, eBay and "intended for novelty use only"?
For PCB printing, OSH Park is a highly recommended one:

For PCB assembly, is recommended.

Some reviews from Lady Ada:

Also check out

Thank you, I've never seen a PCB assembly service, so that will be useful. I guess one would also need to design some sort of cover as well and talk to a company that makes plastics? Are there plastic assembly companies as well (for if your product has buttons/sprints/etc)?
There's Protomold[1] which does relatively cheap short runs of plastic manufacturing. I'm sure there are plenty of alternatives (and I recall seeing a massive chinese 3d printing contract manufacturer, but forget the name).

Not sure about assembling all the parts into the case. Depending on who does the PCB production and assembly, they might also offer a full assembly service, or not.

The Factory Floor series[2] by Bunnie Huang might be an interesting read about some of the steps necessary for getting an idea to production.



This looks great, thank you. They're still prohibitively expensive for small runs (for 10 boards, above, the cost was $100/board, but for 1000 it fell down to $2/board, and I'm sure protolabs is similar), but at least your comment and the GP takes me from "I wouldn't know how to even begin making this thing" to "Looks like I can just send these guys designs and my box prototype and get assembled PCBs and boxes back", which is almost there, pretty much.

Thanks again!

I want to re-play Panzer Dragoon Saga so badly
Panzer Dragoon Orta was on the x-box. :)

Sega should really make an HD remastering of all of them though. Or even a new one. Especially after the sadness of Star Fox Zero.

It is rumored that Panzer Dragoon Saga's source code was lost hence no HD version. I am not angry about it.
In case it helps, there is actually a very low tech solution to booting copied games on Saturn hardware that works with the vast majority of games released (especially expensive/rare/hard to find games like the Treasure releases).

Tape/wedge the drive lid sensor down, power up with a real game in (you don't need to close the lid as the sensor believes the lid is always shut) and allow it do the initial copy protection check on your real disc.

At this point it stops the disc for just less than second - just enough time to pull the real disc out and swap in a CD-R. It takes a little practice and potentially can damage the drive motor if your timing is frequently poor.

Games this won't work with are those spanning multiple discs where you need to swap discs in game to progress.

Why not just cut the wobble edge of a real CD off and attach it to a burned CD?

Maybe you can shave the back of the shimmed wobble edge down, so that it won't stick out as much on the burned CD. This shimmed wobble can be your key for all the burned CDs you have.

Maybe double sided tape can keep the wobble shim attached to your burned CD while still allowing it to be removable for other CDs.

I've never had a Saturn, so I don't know what this wobble edge looks like in person. Am I missing something?

it's not a physical wobble, it's a data track written in a wave-like path. You can't write it as all CD-Rs already have the spiral track so it's very hard to fake.

It's similar to the Gamecube using the burst-cutting area to implement DRM - it's impossible to duplicate without a production setup.

I don't think you can't cut a CD like that. The moment you try to cut it with anything, it will probably crack (both for real silicon and CD-Rs).
> I've never had a Saturn, so I don't know what this wobble edge looks like in person. Am I missing something?

The video shows it:

The video's graphic is a bit of an approximation. In practice it appears that every second disc sector is displaced, IIRC. And they've got particular bit patterns written into them to produce a visual logo; these patterns (but not the actual logos) are checked too.

The protection ring is visible to the naked eye for this reason. I can't find a picture, sorry!

I tried to figure out how to reproduce the logo at one point (10+ years ago, when people were less worried about dying drives). IIRC, it's that the EFM patterns used to make the pixels don't make valid Red/Yellow Book sector contents, which causes some weird behavior if you try to read them as such.
I seriously loled at this. That would not have been a graceful solution to say the least. This isn't about hacking cdroms just to get it to run on the system. It is about understanding the intricate details of how it worked so that when the cdrom drive itself died you would have a way of playing those games along with full cd bloc emulation
You're not getting very technical responses to this, so I'll bite.

> Why not just cut the wobble edge of a real CD off and attach it to a burned CD?

This would have a very low success rate, as the precision required to accurately cut off the wobbled edge on an original disc (and the target area on a CD-R) would a lot of upfront engineering as well as cost-prohibitive tools. Optical discs require more precise measurements than most people who favor the scrapbooking "cut-n-glue" solution can provide.

This is just as long as we're pretending it's possible. Opitcal discs lose a lot of structural integrity the moment you start breaking/cutting them. The reflective portion where the data resides is on a thin film substrate at the back of the CD. Cutting that without outright destroying the disc or (at least reducing the operating life) would take significant effort, as would precisely healing the new gap from combining two separate materials without destroying the alignment of all those microscopic ones and zeroes.

Not to mention that any adhesives you might apply to combine the two pieces would make that level of accuracy impossible, if not highly improbable. And then you have to hope the whole thing holds up while spinning. Even assuming you could get the two pieces to combine seamlessly, there's always the chance that you've done something that destroys the balance of the disc, which could have a number of unfortunate effects in spinning media. I don't think the Saturn drive spins fast enough for it to sling off and demolish your hardware, but it could cause data inaccuracies at the very least.

I mean a company could attempt to do it for you, but it'd be cheaper and more reliable to engineer Saturn-compatible CD-Rs (or offer a disc-pressing service) at that rate. Considering the only use is to defeat old copy protection, it's not going to have a market large enough to sustain it. So you're going to have high prices, and low enough product sales that it would probably not be worth inviting the legal trouble. Even after all that, CD-Rs can have all sorts of QA issues that can affect their shelf life. And then you still have the problem mentioned in the video where the drive hardware fails.

Replacing it with flash data is just a better long-term solution.

I practiced this trick with my original playstation years ago.

Then I killed it trying to mod it. Got a PS1 instead, couldn't figure out the trick anymore.

It was funny that they kept on changing the points where the disc would read info, you had to swap multiple times at different points. They wouldn't stop either, just slow down.

Modding the PS2 is still one of the hardest soldering jobs I've ever done. The worst part is that the modchips were apparently pretty crude in how they worked and ended up burning out the laser diode after about 6 months even if you only used it for imported games and not burned games.
Hah, yeah, I used to do that too with the PS1 until I modded it with a chip. It was flaky though, worked 50% of the time.
> Then I killed it trying to mod it.

Ugh, don't remind me. My brother fried our n64 and our ps2 trying to mod them into handheld's (with built-in screen).

I remember owning a "slim" ps2, but I'm still kind of boggled at the idea of compacting everything inside it into a "handheld" size.
I'm so so glad he mentions archiving in this video - I don't think enough thought has been given to the impact of DRM on museum collections in 10-50 years.
There's actually a very large collection of Saturn games archives at They're MESS compatible CHD files (I wish other emulators would support it, it's a good way to handle large drive copies), but it's a fairly good collection.
I may be wrong, but a quick Google shows a lack of development resources for the CHD format. Either they need to do some SEO, or some straight up marketing.
Maybe a condition of copyright should be that you submit the unrestricted media to Library of Congress, and it gets released upon expiration of copyright.
Isn't that what the Internet Archive can do? They can host old games under the pretense of them being a "library".
Nobody would test that version, so it wouldn't work.

Submission of complete source code, on the other hand, could help.

>Submission of complete source code //

But you'd still need to have the build process, so really you'd need submission of the full dev environment. But then you might also need the hardware to run it ...

Personally I think it should be copyright protection or DRM: the demos doesn't get the DRM stuff to enter the public domain so strictly speaking DRM stuff can't be copyright as the deal of time-limited monopoly is broken by the corps that are using DRM.

> "Personally I think it should be copyright protection or DRM"

Yeah, I like that. Sort of like how something can be a trade secret or patented but not both.

I'm going through this as a relatively new PS Vita owner. Sony decided to go with proprietary game cartridges, proprietary memory cards, and DRM'd digital distribution. Despite the quality of the games and hardware, the system didn't do well commercially and it appears Sony has lost interest in the system and it's sibling PS TV/Vita TV.

There are a lot of great games (including PS1 and PSP games) for the system, but once the hardware dies or the download servers are shut down, what is left for people who still want to play these games?

In the back of my mind I've been thinking what digital consumer rights look like. It seems like this point in history has laws that favor publishers more than consumers or the public good.

Absolutely. The PSP is still my favorite way to go and play the classic PS1 games like FF7, Metal Gear Solid, etc. It really is a wonderful device, but the DRM Sony has repeatedly strengthened over the years has made using it somewhat of a gamble.

It'd be a shame if we suddenly couldn't play these classics anymore just because Sony wants us to repurchase it on Console XYZ.

The PSP has been thoroughly owned, and just about every game for it is available somewhere on the internet. Even emulating the PSP is getting pretty good.

That said, the Vita is much nicer for PS1 games, and if your firmware is old enough, you can even convert your old discs yourself for it.

If you care, dont support Sony. I have stopped buying consoles because of DRM abuse.
It'll be fine, once it's cracked you'll just be able to copy games directly onto it like the PSP Go.

No point cracking it till they stop making games for the thing though.

Players overwhelmingly vote with their wallets in favour of DRM. Just wait until some day Steam servers get shut off, the backlash will be massive.
I don't know any players that are in favor of DRM per se. Players are willing to accept DRM, IF it is transparent, and even more willing if it enables some perks.

There was a time when DRM was only visible when it broke your legitimately purchased game (e.g. SimCity, Diablo 3)

Now at least gamers are getting some decent perks from DRM (e.g. digital loaning, play anywhere, cross platform licensing) so it's a bit easier to stomach.

> Now at least gamers are getting some decent perks from DRM (e.g. digital loaning, play anywhere, cross platform licensing) so it's a bit easier to stomach.

That's because people have been vocal about that. If the companies had it their way, I'm sure the majority would want you to buy a new license for each platform and system (like how the cheap Windows licenses are - locked to your system)

Yes, I'm sure companies want to maximize sales, that is their job. And yes, people were very vocal about shitty DRM (and rightly so).

The old way of doing business was proprietary everything. (See Sony in the 80s and 90s) I'm just glad manufactures finally saw that locking things down so much increased customer anger and frustration more than it increased sales. Being a child of the 80s, I'm still surprised at stuff like using a generic USB thumb drive in an Xbox 360 and things of that nature.

Maybe not. There are lots of things to consider, such as:

* Windows falls out of popular use for residential people / People moving away from using PCs as we know it.

* Steam client not being available for the mainstream OS of the day.

* Most of the games in your library not working with the the mainstream OS of the day.

* A new platform replaces Steam and it has newer remakes of classic games.

* We are all in our 50-60s and lost access to our accounts long ago because we don't play games anymore.

Steam probably won't be killed off in one day. It will die gradually as it falls into disuse.

People don't know any better and don't understand the issues. They're not voting with their wallets. They just want to access the "protected" items. I tend to think most people are just going to accept when they lose access to "protected" items they've already purchased (or just have to re-purchase them). I don't like any of this, but I don't expect it will happen differently either.
Great work.

These crazy reverse engineering projects kind of make me feel insecure about my own abilities, as weird as it sounds.

I wonder if I would have been able to come up with the same solution if I worked at it. My fear is that I would not, but who knows.

A lot of it is purely analytical, but there is a portion that relies on pure creativity and problem solving abilities.

I understand the process he went through as well as the technical details behind it, but following along is much easier than looking at a circuit board with a blank face, wondering where to begin.

I spent the last 2 hours last night just reading about Sega Saturn…

If it took 20 years for the reverse engineer community to get to this point I wouldn't sweat it if you don't think you could do it on your own.
This appears to be where he actually dumped the ROM a few years back...

Holy hell what an amazing hack. This guy must have spent hundreds of hours on this.
He mentions at one point that he's been working on it off and on for a few years so definitely at least 100s if not thousands of hours.
Since 2013.
In this [1] forum post, from yesterday, he says: "I've put thousands of hours into this project"


He mentions archival as a motivation but can we trust the rest of the hardware to last more than a few decades? Isn't emulation the real archival solution?
Yabause already exists but it's not a perfect emulator yet. So right now the best way to enjoy games as they were is still the original hardware.
SSF exists and is much better than Yabause, although it's not open source.
Non Open Source emulators are dead in the water in terms of archiving. 10 years later if the original author is not around anymore, you won't be able to rely on it nor improve on it. I wish all emulator writers understood that.

PPSSPP and Dolphin have made great progress BECAUSE they were open.

Saturn emulation on MESS is surprisingly good. Not up to some of the others, but I was pleasantly surprised last time I tried it with how many games were playable.
I would imagine a fair few emulator writers don't much care about maintaining the "backups" fiction, even under the classier name "archiving"
There is zero value from games not being published or sold anymore, so the term archiving is very much appropriate.
Historians in 2200 will be thanking them none the less, we lost a lot of early film lets not let that happen to this art form.
And it's not only film. Early television, audio recording, books (in special in times when copying them was costly)... The list of information we lost is enormous.
Thanks, hadn't found that one with some quick googling, only found some horrible binary "freeware" stuff. He also mentions using his reverse engineering knowledge to help emulation authors so hopefully that includes Yabause. Having an open-source emulator is particularly important if we want to be able to archive these games forever.
It would be, but cycle perfect emulation is very difficult and costly. Higan (formerly Bsnes) manages it with Snes emulation and it requires a cpu with a rate over 3GHz. I remember reading the N64 would require a 10GHz cpu to emulate with 100% archival accuracy.

long story short, it is the real solution, but its not a practical one by any means.

Have there been any efforts made with FPGA emulation? It might work out better for this type of project.
Yes, FPGA implementations exist for some classic systems, including some game consoles.

Here are some relevant links (I'm sure there will be other systems that have been recreated in FPGA form):

That would definitely make cycle accuracy easier between all the system parts.

The hard part is for someone to actually develop the emulation for all the custom chips in the system. In particular, the two graphics chips are very complex and the documentation is very hard to understand. The same goes for the sound chip. The others are all standard enough to be reasonably straightforward (if not actually easy).

Yes. In general there are two real paths to long-term archival of games: emulation and reproduction.

Emulation is the best possible path IMHO since it enables the games to be played (and experienced) on pretty much any hardware. I think this work may do quite a bit to help in that area, there's really no reason the Saturn isn't nearly perfectly emulated these days.

Reproduction is the next best and much harder than Emulation. Basically figuring out how to build the hardware again. There's several versions of this with much older hardware (C64, 2600, etc.) with new hardware being produced that can run the old software natively. There's also "lesser" versions that use modern CPUs, etc. to run the code basically also in emulation, but this is not the same thing. However, reproduction is both technically more difficult and has a smaller audience who's willing to add yet another machine to their collection to see old games.

also, MESS's emulation is also not too terrible, I was pretty surprised with how many games worked under it

Emulation is far from perfect even for older systems. Amiga emulation is still being worked on. Less popular systems have poor standars of emulation too.
Yeah of course. But there's a lot of distracting work that's being done to try to keep old, rapidly failing and limited quantity systems alive (for various definitions of alive).

In a hundred years, the only practical way to experience classic software like this will be via emulation and I believe that's where resources should be put.

There's a weird kind of snobbery in classic gaming that, unless you're playing original games on original hardware, you're doing it entirely wrong and emulation stuff is basically just dirty piracy. Fast forward to today and the talk of the community is that old game and hardware prices are getting sky high, and in the case of some systems (like the 5200) finding working equipment is getting to be impossible. No duh, sucking all of the inventory for a product that's not going to be manufactured in anymore and allowing the prices to slip into normal supply-demand areas means that's what's going to happen -- even worse, the new audience who can be exposed to this material shrinks even smaller every day.

For almost all practical purposes, systems like the Amiga or the SNES or similar vintage are pretty much complete in terms of emulation -- the entire known software libraries are basically completable. In many ways, emulators like UAE offer better software compatibility than real hardware!

Longterm yes, but the cd drives on these things die decades before the roms and processing hardware. He had mentioned in the video that he was surprised that the solid state laser died so soon but I was under the impression that it's almost always the drive motor that's the first to go.
Personal archiving is allowed under USC's Fair Use terms AFAIK whilst emulation isn't; might just be legally protective wording (or an attempt at that).
As I think I mentioned that's been another major outcome. I've been working with Yabause developers both to improve their HLE of the CD block, and to implement full low-level emulation using dumped ROMs.
Awesome that you are an HNer. What are you getting your PHD in Professor Abrasive?
Here I thought the title was describing how plastic CD media became brittle after 20 years. The hack is way more interesting.
As a Sega fanboy, this makes me happy. That copy protection scheme (outer ring spiral) is quite something. I find it amusing that Sega went with yet another proprietary disc format for the Dreamcast (GD-ROM) and that system is able to load homebrew code from any CD-R / CD-RW without any modifications to the hardware.
> That copy protection scheme (outer ring spiral) is quite something.

Yeah about that, I don't get it. Is there data hidden in that spiral that acts as a checksum for the CD or something? Or is it of special material that lights up differently under certain light (like money)?

To me it doesn't look that hard to duplicate a simple spiral, but then I know nothing about it.

original Playstation used similar copy protection trick - ASCII string SCE(I/E/A) was stored in pregap pre-groove wobble between the leadin and the first track. PSX used Three-beam pickup and was able to track this wobble and extract code from radial tracking error signals. Modchips simply injected same error signal for couple of seconds after closing CD lid, enough for the CD controller to recognize it as "original".
Any idea why PS modchips used to kill the drive laser pretty quickly?
they didnt. lasers were poor to begin with, plus weaker media(cdr) probably caused extra mechanism movements (focusing)

edit: hmm, now that I think about it, its possible someone incompetent made modchip that would keep sending wooble constantly, that could cause tracking problems and tire mechanism pretty fast.

Consumer CD writers and CD-R's don't have the ability to write anything similar to the disc.

Gamecube discs utilised a similar technology which you can easily see on the disc surface - &

Years before, companies actually did a similar thing with floppy discs, albeit in a slightly different way.

Yeah, that is something. They thought better hardware protection was unnecessary because they believed in the strength of their software solution (which was quickly cracked)? The games could be larger, so that CDs could not fit them without changes. IIRC early Soul Calibur burns had their music down-sampled to fit 650 MB. And was it Skies of Arcadia that really did have too much content to fit on a CD, without serious changes?

Also, you mention CD-RW, but IIRC you could not boot off CD-RW, only CD-R. Or maybe that was the softmodded xbox?

Dreamcast games varied in size massively. Crazy Taxi was only around 100mb. So small in fact that when initially burnt to a CD the drive couldn't load files fast enough (as files were closer to the inner ring of the disc). Tools were then released to 'pad' the game files out to be closer to the outer edge with a dummy file. Files close to the outer edge can be read faster as the drive laser can cover more distance per revolution.

Skies of Arcadia was I believe the biggest ever 'released' - 2x1GB. A group called Echelon did manage to release it after many months/1 year+(?) without anything ripped, sized to fit on 2x700mb CD-R's. They pre-compressed the whole game and wrote a custom on-the-fly decompresser. Apparently this did slow the game down in places, but the technical achievement certainly needs to be appreciated.

I believe they did no such thing(proof would be greatly appreciated). What they did was downsample the audio files and the pvr game textures.

To achieve what you claim would more than likely mean game engine modification and without the source code I dont see that happening.

Honestly, inserting compression doesn't sound impossible. Difficult, but a few months and a team of people and it sounds achievable. Warez folks do some crazy stuff.

However, I read some forums from the time, it sounds like the results weren't great. Mainly folks notice sound triggering noticably late. So uh, Maybe instead of downsampling they built a MP3 decoder, but to use the existing system, it couldn't stream the audio, so they had to decompress the clip completely into a buffer before playback?

If you search google for their Skies of Arcadia nfo file, you will see this is clearly what they claim. I won't link to it here due to other material hosted on those sites. The trainer injected into the executable also makes this claim (you can view this on

I have little reason to doubt their claims given their clear technical skill spanning multiple console generations (Echelon might have only been associated with the Dreamcast/PS2, but it's obvious that their 'group' were behind multiple other, very highly technically accomplished scene groups).

Access to the source code is even a possibility - at one point they routinely released games weeks or even months before street dates. is worth a read for an indication of some of the shenanigans that were afoot back in those days.

Wonderful. I love things like this. In these days of Steam DB and people scrutinising every byte, it seems like the easter egg / message from the developer has gone by the wayside. has a lot of examples of left over / hidden content but nothing as cool as a message left for a particular group.

> "Skies of Arcadia was I believe the biggest ever 'released' - 2x1GB"

Bigger than Shenmue / Shenmue 2? IIRC both Shenmue games spanned 3 GD-ROMs.

Sorry, I wasn't very clear. In my head I was thinking in terms of games that weren't ripped/downsampled to 'fit' on an 80min CD-R. I think the largest release was probably D2, which from memory needed 5x99min CDR's and even then numerous elements were downsampled/ripped/etc.
Oh yes, I remember padding the image, and Echelon, of course. I still have the tools somewhere in my backups.

You mention the read speed issues, meaning the dreamcast drive was CAV. Were all data drives of the time CAV? Are audio CD players CAV? Not some 40 second skip protection discman, but like a hifi unit from the 80s (since my naive 80s implementation would not like the data rate changing across the disc)? Does CAV vs CLV have any meaning here, or is pretty much laserdisc only terms?

All things I vaguely feel like I should know (like if all optical media has pits that are the same length across the disc. I think not, again laserdisc.) I love my dreamcast. Left one in an apartment 6 years ago when I moved out. It could be still there. Still have one.

CDs are CLV, data-wise. But many CD-ROM drives can also read at faster-than-realtime-audio speeds, and in those cases reading at the outer edge of the disc can net faster rates. IE, a 2x CD-ROM might not be 2x throughout the whole disc.
Same project for original Playstation . Started in ~2010

Playstation also had a trapdoor Parallel I/O port exposing raw address/data bus, it was meant for network interface, debugging(PSY-Q) and stuff(ActionReplay/GameShark). Great thing about that port is you can hang your own ROM there and console will execute it while booting, no code signing/drm crap.

Afair at the beginning PSIO patched original firmware replacing all CD routines with its own, but later in the project it was discovered a lot of games talked straight to the hardware ignoring SONY requirements for using BIOS routines. This is why current version comes with small board you need to solder inside to reroute chip select signals from the CD controller chip - PSIO emulates that chip completely. You still get data faster than CD due to no seek times.

Original work from 1999

Gamecube has IDE-EXI, same thing

The problem with a lot of the modchips is that the companies behind them are secretive (leading to loss of knowledge when they close) and they're just so damn expensive.
TLDR (or TLDW*)?
He dumped ROM of Saturn's CD-ROM module's CPU, reverse engineered OS in it, discovered a developer mode which allows Saturn to read non-protected CDs but requires a special protected CD which nobody has, then he turned attention to the slot for Video CD decoder card, discovered that this card can send additional encrypted code to CD-ROM module's CPU, then created replacement for CD-ROM module as a card for Video CD decoder slot, which allows to load CD images from USB mass storage devices connected to it's USB port.
Just say it: He's a wizard and he just hit level 20.
No, just no. This one is worth savoring.
Why is this being downvoted? I think it is perfectly reasonable to ask for a TLDR on a 30 minute video.

Anyway, the basic story is that the Saturn had copy protection in the form of physical marks on the copy protected CDs. This puts a huge barrier to entry on homebrew and the like, so a guy going by Dr Abrasive tried to reverse engineer a way around that. He first looked into a way of disabling the copy protection on the CDs to allow burned CDs to be used but that proved too difficult.

He eventually hit upon the fact that the Saturn had an external module that could be added to allow the system to play video CDs. He then built a component to take advantage of that fact and feed in his own commands through this interface thereby avoiding the copy protection entirely. This allowed content to be run from USB sticks without the need for CDs at all, lowering the barrier to entry even more. It also helps workaround mechanical failure of the CD drive which is becoming a common problem for the 20 year old hardware.

So now if you have this custom built component, you can take an off the shelf system and start running code from a USB stick without any soldering, hacking, or modification at all beyond plugging the device into the back of the console.

It's reasonable to ask for a TLDR for anything. They are better known as abstracts.
the most impressive part, to me, was how thoroughly he reverse engineered what looks to be a crazy complicated CPU architecture - the Saturn has four of them.

Also, I love that his original motivation was to use the sound processor for mixing chiptune, and basically opening up the entire system at metal level is a happy by product.

ALSO, the fact that he decided that his first working prototype was too hands on and finding a way to piggyback the video playback expansion card to make the mod orders of magnitude less complicated to install / execute.

Super impressive stuff

Wasn't it only one of those CPU's though? He mentioned there is a CPU dedicated to disk operation and that's the one no one had been able to get a ROM dump of, which in turn enabled all the other stuff? Not trying to downplay his achievement or anything, I'm new to all this but it's easy to see that this is some truly amazing work.
2 CPUs, 2 GPUs, and there is a separate CPU dedicated to disk operation which was (almost) completely isolated. His achievement was getting access to that disk CPU, but that access allows access to the rest of the CPUs.
This is by far the best showcase of an assembly code I've ever seen. Kudos for the editor.
It seems to be IDA, not sure what you meant by "the editor".
It's definitely IDA Pro. If anyone is considering how difficult this is, let me offer you my experience. It is incredibly hard and requires utmost persistence. I tried to refresh (learn more about) my knowledge of x86/x86-64 asm and decided to give a go on modifying a binary that was not produced by me. It seems to be a common exercise, so I though - how difficult can this be? Right? You follow code procedures, take note of jumps, there's even a handy visual graph of the things, take another application that can offer you to see function names and break calls... Suddenly, you're in this loop where you take notes on paper (yes), you seem to understand a part, move to the next and then you realise you didn't actually understand the part before and go back, and then you get tangled in variables and registers..

It takes a special set of skills and a mindset to do this. I recommend everyone to try that once. Just take a foreign binary, any which you know the application of, and try to modify it. Then, after you give up, take a note this was done on an unknown binary with (almost) unknown functionality. TBH, he did say he looked up a table of known functions on a wiki somewhere, but still...

One of the YT comments is about how he is not releasing the "ROM dump". Any idea of why he isn't doing this?
Copyright? Although Sega Saturn is a dead system with zero commercial value, the ROM remains copyrighted.
Just a guess: might get some serious attention from Sega's Lawyers if he releases that.
Very unlikely that would happen. Sega generally takes a pretty relaxed view to the emulation community and to my knowledge has never pursued anyone for releasing firmware from their systems.

He does claim legal and professional risks as his reasons in the assemblergames forum thread[0] though.


The ROM is probably under copyright?
From jhl in the forum thread:

>I, myself, am not going to release these ROMs. This isn't the first project where I've dumped a commercial object for some other purpose and been asked to share (see: shairport, for one), and after much thought I conclude - now, as then - that it's not the right thing for me to do in any project. There are legal and professional risks which I'm just not comfortable taking. That's not negotiable.

>But that's not to say I won't help you dump it yourself. I'll have a dump feature in the cart, and I'm sure someone will rapidly archive all the available systems.

I'm not a lawyer, but I don't see how "I didn't steal anything; I just broke open the safe and told others how to get the money" would get you of the hook.
There's an active hobbyist lockpicking community out there with plenty of instructional videos. One could nefariously apply these skills, doesn't make the video producers liable.
To add to this, there's a professional penetration testing industry & similarly their methods could be employed in a malicious nature
Well, it's a good thing you're not a lawyer then!

By analogy, if the original comment had been "I will not give you a copy of the copyrighted harry potter book, but I can teach you how to use a scanner if you'd like, and I'm sure someone else will scan it" would you say that teaching someone to use a scanner is illegal?

It's actually typically legal to make a backup of a copyrighted item you own for personal use if the original is damaged.

He's teaching people to do something that's typically legal, avoiding infringing copyright by redistributing himself, and commenting that it's quite likely others won't be so scrupulous; I don't see how anyone could reasonably fault him.

A scanner doesn't target a single (intellectual) property. This feature of this hack, on the other hand, would have only one use: dumping the ROM of a Sega Saturn.

I hadn't thought of the 'for personal use' defense, though.

Not to discount this as it's very impressive work. But replacing CD drives with SD/hard drive based solutions is becoming pretty common. For the Dreamcast there is the GDEmu[0], and the Saturn already has the Rhea and Phoebe[1] (basically the same thing, each is for slightly different models of Saturns).

The Playstation also has one, the ps-io[2]. I'm really hoping for someone to step up and do the PC Engine, Neo Geo CD, Sega CD and 3DO.




>pc engine

You might be interested in the turbo everdrive from

I'm glad someone else out there digs the Sega Saturn because I always felt left out being into Sega games while the rest of my friends were Nintendo kids all the way.
Does Sega gain anything from not just releasing all the information?
There's zero benefit in doing anything like this.

Not to mention that all the relevant information may not exist anymore, or is in a storage facility somewhere growing mold.

> There's zero benefit in doing anything like this.

I don't know. Winning people's hearts? For the fun of it?

They're shovelware company now that pimps itself out to whoever will pay. Why would they care what people thing?
> Why would they care what people think?

If there is one thing I learned from internships and various jobs (I'm still a student), it's that companies pretty much always exist of people who care. If there's an opportunity to spread the name SEGA around without any downsides, good odds you could find someone in the company who's up for that.

Trouble is, you probably need to find whoever was on the original product team, or it's going to cost the company more hours than they'd find it worth.

>I don't know. Winning people's hearts? For the fun of it?

That's true, but as long as they can still make money from their IP they won't (i.e. repackaging old source + game(s) into a VM for sale on Steam or next-gen consoles)

Some of the source code/etc may be licensed from a third party, which means that releasing it is treading through a legal minefield.

What's strange is that a lot of the Sega games from this era are just missing completely. Try hunting down Skies of Arcadia (even the GC port) or anything Panzer Dragoon. They were never released in virtual consoles despite significant cult followings.
In cases like these I'm thankful for pirates. When an interesting project is about to die because all the stakeholders lost interest and there's too much legal mess to deal with to give it away, it's good if there's someone that steps in, ignores that legal mess altogether and simply dumps the product on-line.
Please see Hasbro, regarding release of the Atari Jaguar into the public domain:

This included the remark that Hasbro would not go after developers for discovering or bypassing the encryption key (which was discovered shortly after) to run their own software:

They probably have contractual restrictions - agreements to help fight against unauthorized copying, or to protect the copyrights of people who create games on the system.

And in general, most console systems are a serious bundle of hacks, mostly tolerated by programmers by the sole fact that you can rely on every system to be identical.

Not to mention a lot of the information me be lost or on archives servers/backups/tapes engineers have long forgotten about.
If only the Dreamcast protection had been that good. Was really disappointed when it died :(
You certainly didnt know the history of Sega or the Dreamcast if you think it died because of piracy. ...with that thinking then the Saturn would of been an ultra success.
I knew a lot of people who owned a Dreamcast and no games.

No modchip required, no soldering, broadband penetration on the rise, filesharing was now a thing.

I completely understand the Saturn's botched launch and limited number of retail outlets, but the Dreamcast had the best launch of all time up to that point and broke sales records.

I'm not convinced piracy is not in fact the cause of the Dreamcast's demise.

I really did love the Dreamcast, built in modem and the second-screen VMU.

If you don't think piracy killed it, what do you think killed it? The PS2?

I believe Sega also had some institutional issues. There was a documentary a while back, can't quite remember the name. Something about the corporate structure a lot of the business was based in the US while the technical knowledge was based in Japan and thru some skulduggery they ended up torpedoing themselves ...
No EA Games, when Madden was huge; no DVD player, and the PS2 hype cycle was perfectly timed and had an even better launch. Wikipedia sales numbers for the PS2 and Dreamcast say the PS2 sold 10.6M by March 31, 2001, whereas the Dreamcast was dead by then and only sold 9.13M. Sega also had troubled finances as a result of the Saturn.
the 2K Sports series negated the need for EA and sold so well that EA sought out an exclusivity contract with the NFL so that 2K would be killed?

The DVD drive after the ps2 was released probably would be a huge factor though, if the dreamcast wasn't in fact already dead which it was.

I'm sure some business school guys have written papers on this, I should find them. Would be interesting to read all the opinions on Sega's near death and exiting the hardware business.

I actually preferred the 2k football games so EA getting exclusivity there was annoying.
Sega wasn't losing money on the Dreamcast, but they weren't making money either. Sega's exit didn't have to do with sales; they chose to exit the console market because there was more money if they focused on games and less on hardware.
How is the Saturn's protection so much more effective than more modern systems?
I'm guessing it was state of the art at the time it was released, but wouldn't hold up nearly as well in a mass market console these days.
Then why did it take 20 years?
It didnt. 20 years is a lie/marketing/ignorance. There do exist CD emulators (Rhea) and there did exist modchips during console heyday.
It's not a mass-market console anymore with little interest or incentive to break it.
It was impossible to find anyone capable of producing CD's with the wobble when the Saturn was alive. Finding somebody capable today would be possible, but it wouldn't be very profitable because its a dead system.

If a new console used the wobble/burst then surely you'd be able to order these CDR's from Alibaba..

haha awesome

I applaud crazy fuckers like you. The world needs more of you.

Well done sir.

I was just thinking about the Saturn at a nerd memorabilia store, as this was the one system I saved my money up to buy at 11 years old. What an utter disappointment of a system (in terms of games), but what a great hack. Makes Dreamcast hacking look like Lego Logo.
The Saturn had great games what are you talking about? Maybe it didnt have all those game your schoolmate was playing on his Playstation but does take away from some of the great games it did have
I am not good with electronics tbh but why it is not possible to mitm the connection between CD drive and motherboard? As far as I see from 'swap disk' technique outer protection track is not changing depending on game
I was thinking about controlling an outside door unlock button by MITMing the electrical cables going out of it, but realized I have no idea how to go about it. I just need to generate the same signal... I thought maybe someone reading this could have some pointers.
you can, but the drives are starting to fail now.
I meant mitm on CD rom side, as the protection track unique, could be simpler approach (which later you can remove optic drive with SD or usb)
You can. That's what traditional modchips do, and there's the Rhea/Phoebe which completely emulates that drive via that interface.

Of course, if you sit at that point in the system you have a different set of problems and capabilities. Much easier to build hardware for, but no data output, and of course you need to disassemble the console to get there in the first place.

Possibly stupid question: why didn't some enterprising person figure out how to produce CD-Rs with the copy protection wobble track? Is the market too small vs the cost of required equipment? Would it have been illegal?
I found this when looking for more info on the "wobble":

"I hope this lays the matter to rest, and prevents anyone from wasting more time on it (like my day burning useless discs). I'm sure someone will wave their hands around and say that custom burner firmware could do the job, but good luck finding a burner with a programmable DSP in the pregroove tracking loop and managing to modify it to do the job."

Echoing what others have said, I never knew about just how amazing the engineering on the Saturn was in terms of incredibly tight timing.
Was that a good thing?
Arguably it can be better than blocking threads, which can waste precious time for synchronization. But if you design your code with precise timings, you can ensure that the different processors will complete their work and communicate their data at a precise time, thus saving code and time.

Harder to program of course.

It may interest folks to know that all Sega Saturn games have their audio encoded as plain old CD audio tracks. You can put your Sega Saturn disc into any old CD player and play all of the music tracks.

You can also rip a sega saturn CD in your computer. I particularly enjoy the music from Sega Rally Championship and Virtua Fighter 2.

This was pretty common with original Playstation games as well. CD Track 1 was the game data, the following tracks were music.
Many, but certainly not all. Redbook audio (along with tons of grainy low resolution FMV) was more common in the earlier days of the CD-ROM, when creators were trying to justify the format, but hadn't figured out more interesting ways to make use of the space.
Anyone know what program he is using to view the dumps?
IDA Pro.
wow! THIS is what hacking looks like. these days the term seems to have been muddled and interchanged with "programming". True art of reverse engineering something you don't have a full manual for (and can't ask StackOverflow).
What a legend. This video is absolutely inspiring.
Only 20 years to go and Denuvo is done for.
Intel SGX worries me much more than Denuvo.

These days my interest in game cracking is mainly for archival purposes. (are you going to be able to play this game in 50 years?)

I follow /r/crackstatus but it is far from being really done. This said I think all things equal piracy is a good thing for the gaming industry and without it I would not have been a gamer who now have more than 300 games in Steam and many more in GoG and Blizzard games too Back in the day I wasn't rich and even if I had money I couldn't buy games because I had no access to them living in a third World Country, but piracy made me a gamer.
All that effort from Sega but I remember modchips being available to run pirated Saturn games when I had it.
Awesome video. Thanks for sharing.
So the system "just works" without the game disc. Mind blowing!!
I'm glad someone else out there digs the Sega Saturn because I always felt left out being into Sega games while the rest of my friends were Nintendo kids all the way.
This is amazing. The video avoids too technical language, and basically explains the whole process of reverse engineering. I think this is the best explanation of reverse engineering I've seen in a long time.
Micah Scott's toastermelt videos are another great example of reverse engineering workflow/techniques. More technical and detailed but still very accessible.
I tried looking for those videos but haven't found them yet, do you have a link?
Poster meant 'Coastermelt':
Thank you.
Whoops, yeah, that makes a lot more sense. Thanks.
Jul 11, 2016 · 14 points, 1 comments · submitted by petetnt
Someone has already made a cdrom drive replacement SD card board but this guy maybe be the first to have thoroughly figured out the workings of the cdrom controller.
HN Theater is an independent project and is not operated by Y Combinator or any of the video hosting platforms linked to on this site.
~ [email protected]
;laksdfhjdhksalkfj more things ~ Privacy Policy ~
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.