Over the years, a lot of people have come up with a lot of theories about the Saturn ring protection system. And I mean a *lot*. I've been researching this for a week and it hurt my head.
On the one hand, there is the data in the ring - pretty well understood at this point: the right timestamps in the Q subchannel and in the Mode 2 header, and the appropriate bytes for pretty EFM patterns in the payload.
On the other hand, there are a number of people who've claimed, without providing
I'm pleased to report that I've successfully dumped the SH-1 ROM from a CDB105 Saturn CD block. This involved removing the SH-1 from a CD block board, and attaching it to a Gameboy cartridge to provide ROM and NVRAM. A custom ROM loaded via the cartridge allowed dumping the ROM via the NVRAM and thence via USB; I'm very pleased by the fact that I didn't have to write a single assembler instruction in the whole thing (it's all linker scripts and C).
Originally Posted by TriMesh
Just out of curiosity, did you find anything in the SH-1 code that sheds any light on how the system disc works?
Absolutely. Disc authentication lives in Task 7 in the multitasking system, which is shared with the ISO filesystem access code. It's a spaghetti monster.
System discs are defined simply by finding SEGASYSTEM at the appropriate place in the disc header. The disc author is stored for later comparison, so a system disc that has SEGA TP will only work with
As posted on the forum:
The analysis of this dump has already borne some fruit, allowing one of the Saturn's security expectations to be gently violated.
The assumption in question is that burned Saturn discs - ie. those beginning with SEGA SEGASATURN, but missing the ring wobble or ring data - will be detected as fakes (type 3), and access to their data disallowed. This prevents any SH-2 code - BIOS or cartridge - from booting such a disc.
Using a combination
Updated 5 Days Ago at 04:44 AM by jhl
Giving all i have on a new project:
Hope all will start rolling properly, been doing my best!