Saturn proof-of-concept bootloader Pseudo Saturn

Discussion in 'Sega Saturn Programming and Development' started by Cyber Warrior X, Jul 7, 2014.

  1. -=FamilyGuy=-

    That's not how it works AFAIU. The bios only boots the game if the CD-ROM controller "tells" it the disc is a SaturnDisc. PseudoSaturn boots the disc even if it's not a saturn disc as long as the header is PseudoSaturn (So only game discs are booted, not VCD and audio discs). For a fix, when a non-saturn disc is detected the bios would need to check if the header is PseudoSaturn then boot if so.

    Now, you might be right if the CD-ROM controller passes the header to the bios, but I doubt that's how it works. IMO it's a flag bit/byte/WORD.
     
    Last edited: Jul 22, 2014
  2. Cyber Warrior X

    Theoretically yes, but right now there's only a few chips that I've got support for and unless it's a supported chip, by default it won't let you flash to them. I do however have support in the works for additional chips like the SST39SF010A. I'd pretty much have to see the datasheets for the chip(s) in question and see how they're mapped, etc.

    Not sure what the issue is yet, but I was able to duplicate it. Also another issue I was noticing on some recent builds was the reset button wasn't behaving correctly. Can anyone else confirm this?

    Thanks :)

    So long as the first 16 bytes are modified on the disc as explained earlier, a bios hack would indeed work. I would argue it would even work better as a permanent solution than trying to do a custom boot loader. Though I'd seriously wait for now. There's still some good research being done and things may change in the future.
     
  3. -=FamilyGuy=-

    My point was that a bios fix would probably be more complicated than simply changing the SEGASATURN string to PSEUDOSATURN in the bios. Can you confirm that?
     
    Last edited: Jul 22, 2014
  4. zorlon

    Reset seems to be working ok though I did have some odd issues that I will note at the end of this post

    Reset with nothing in drive and lid open = animated splash is skipped and goes to the Saturn logo directly
    Reset with nothing in drive and lid closed = resets normally
    Reset with disc in drive and lid closed = resets normally

    I had some odd crashing issues but I can't seem to duplicate them now; anyway, it was doing the following:
    When it was crashing on reset it would not fully reset, it just sat on a static screen ranging from the Saturn logo as far as the SEGA logo you see normally if you load in a disc, but never got as far as to reload PSEUDO. At that point hitting reset again did nothing, but I can't seem to duplicate it now.
     
    Last edited: Jul 22, 2014
  5. Bad_Ad84

    boot both?
     
  6. -=FamilyGuy=-

    I guess the cd-rom drive doesn't tell the bios: "By the way, the header is 'SEGA SEGASATURN'". It most probably returns some kind of flag that says what type of disc it is (Authenticated SaturnDisc or not, idk if it detects Audio/VCD), then the bios loads the ip.bin and executes it if the flag corresponds to SaturnDisc. So the way to hack the bios would probably be to hijack the routine that's executed when the disc isn't a Saturn one and make it check the header, if it's the pseudosaturn one then boot as usual (you don't wanna try to boot an audio cd, do you?).

    Basically that's what pseudosaturn on the AR is already doing, but I meant to say it probably will be more complex than simply patching a string in the bios; you probably gotta write and patch in a "pseudosaturn routine".

    Just an educated guess though. Maybe the drive does actually send the header to the bios.
     
    Last edited: Jul 22, 2014
  7. Bad_Ad84

    Maybe it just unlocks access to the disk and the bios makes its own decision?

    That's how I have been reading it, first check unlocks full access to the disc or not. Then bios boots it if the string shows it's a saturn disc.

    I can test this, soon as I get time - assuming someone doesn't beat me to it.
     
  8. -=FamilyGuy=-

    I understood it the opposite. The first check checks the header of the disc, if it's "SEGA SEGASATURN" it does the authenticity check and reports to the bios that it's a legit Saturn disc if it succeeds, if it fails it may lock the drive. If the header isn't "SEGA SEGASATURN" it unlocks the drive but doesn't execute the bootsector (ip.bin). This allows to play audio CDs and VCDs among others. What pseudosaturn does is to take over when the header isn't "SEGA SEGASATURN", if it's the pseudosaturn one it boots the game (probably loading the ip.bin in memory and executing it), if not I guess it does nothing so that you can still play audio CD or VCD.


    This is just my understanding of it, but I think it makes great sense.


    [EDIT] Just went over the source code rapidly, and it seems I'm about right about what pseudosaturn does when the CD Block isn't locked (it boots originals too). I don't really get what it does if it's locked though, comments say it unlocks it but CyberWarrior said he needs the custom header and being able to unlock it would render that requirement moot.
     
    Last edited: Jul 22, 2014
  9. Bad_Ad84

    Well, easy way to find out!
     
  10. -=FamilyGuy=-

    Well, in the source-code he quite explicitly loads the ip.bin in memory and executes it. That doesn't look like a bios-side-decision to me:
     
    Last edited: Jul 22, 2014
  11. Bad_Ad84

    Yeah, but maybe that's exactly what the bios does if it finds the header :)

    Needs testing or for the OP to come back with how it works.
     
  12. Bad_Ad84

    Patch the string in the bios and patch the CDR = no booting
    Put in a modchip, patched and unpatched CDRs do not boot either.

    So looks like the string plays a part, but not the whole story.

    Need the op to come back from holiday! :)
     
  13. jhl

    It works thusly:

    Before authenticating a disc, the CD block will not allow any reads at all.
    When you ask it to auth, it will check the first sector for SEGA SEGASATURN. If it matches, then it does the ring/wobble checks, and sets the status to real or fake Saturn disc.
    If the first sector does not start with SEGA SEGASATURN, then it sets the status to audio or data disc.
    If the status is data or real Saturn, it allows reads; otherwise, no.

    Meanwhile, in the BIOS:
    - at startup, wait for a disc, and ask the CDB to authenticate it
    - wait for the result (CDB proceeds as above)
    - if real Saturn, load the IP and jump into the game

    That's why the cart ROM can't load a burned disc with SEGA SEGASATURN - it shows up as fake and the drive is locked. Instead, using discs burned with PSEUDO SATURN, they auth as data and the drive unlocks, and the ROM then does the IP loading functionality instead of the BIOS.

    Make sense?


    edit: the BIOS isn't involved at all once the cart ROM starts executing
    edit2: the BIOS receives the status value from the authentication process and doesn't check the signature itself.
     
    Last edited: Jul 22, 2014
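
A small model of the authentication flow jhl describes above, as an added example that is not part of the thread or of the PseudoSaturn source. The status names, the disc struct and the cart ROM decision logic are assumptions made for illustration; the header strings are written as they appear in the posts.

```c
#include <stdbool.h>
#include <string.h>

/* Status names are assumptions; the post only describes the outcomes. */
typedef enum { ST_AUDIO, ST_DATA, ST_SATURN_REAL, ST_SATURN_FAKE } disc_status;

/* Constructed disc model: start of the first sector, and whether the
   physical ring/wobble check would pass on this medium. */
typedef struct {
    bool has_data;        /* false for a pure audio disc */
    const char *sector0;  /* first bytes of the first sector */
    bool ring_ok;         /* pressed original vs. burned CD-R */
} disc;

static bool starts_with(const char *s, const char *prefix) {
    return strncmp(s, prefix, strlen(prefix)) == 0;
}

/* CD block side: classify the disc when asked to authenticate. */
disc_status cdb_authenticate(const disc *d) {
    if (!d->has_data) return ST_AUDIO;
    if (starts_with(d->sector0, "SEGA SEGASATURN"))
        return d->ring_ok ? ST_SATURN_REAL : ST_SATURN_FAKE;
    return ST_DATA;
}

/* CD block side: reads are gated on the status alone. */
bool cdb_reads_allowed(disc_status st) {
    return st == ST_DATA || st == ST_SATURN_REAL;
}

/* BIOS side: trusts the status value, never re-reads the signature. */
bool bios_boots(disc_status st) {
    return st == ST_SATURN_REAL;
}

/* Cart ROM side (assumed logic): if the drive is readable, inspect the
   header itself and load the IP for the alternate string. */
bool cart_rom_boots(const disc *d, disc_status st) {
    if (!cdb_reads_allowed(st)) return false;
    return st == ST_SATURN_REAL || starts_with(d->sector0, "PSEUDO SATURN");
}
```

The model makes the split visible: the boot decision in the BIOS depends only on the status value, while read access is a separate gate that also opens for ordinary data discs.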
  14. jhl

    There's also nothing stopping someone with the time and inclination from patching this into real BIOS images and making replacement BIOS chips. Just sayin'.
     
  15. MottZilla

    So in theory you could patch the BIOS so when it asks for the disc to be authenticated, it does your attack mentioned in the other thread to unlock reading. And then from there instead of checking a status flag about what kind of disc was authenticated, you could actually re-read the first sector to see if it says SEGA SEGASATURN.

    It'd be pretty nice to see this exploit nicely integrated into the BIOS to make it seamless to the user. Although, thinking about it now for potential multi-disc use, you might want any re-read of the sector for the SEGA SEGASATURN string to have a secondary acceptable string since if the BIOS isn't running to do your attack like during a disc change in a game, you'd have to rely on a patched disc so reading is enabled. Does that sound right?

    Either way, the work from all those involved in these projects is impressive.
     
  16. zorlon

    In a few ways it is best off that this is done with an Action Replay with 4M ram as it works fine for those that require 1M and 4M ram (excluding the 2 games that have optional 1M rom support, that is not the same as 1M ram) there are also games that support 1M to 4M ram that boost load times

    Another reason is to preserve the original bios options for Memory Management and Karaoke/Audio CD support etc. and avoid any issues using the PSEUDO method, though only found a major issue with a single game so far being Panzer Dragoon Saga (Not the boot by Action Replay protection but another issue directly related to PSEUDO), if PSEUDO is perfect that it almost is and it is done so it detects both retail and pseudo and gives the option to start the game or auto boot while keeping the rest of the bios functions then yes that would be very cool, but that would restrict on the number of users able to use that due to the need to replace the bios chip with a flashable chip (not looked into it to be honest so not even sure there are flashable chips of the same size so it may need to be soldered in loose via wires or a custom mini board that would not be ideal)

    For a final release of this if it never has the extra options for memory card use or codes then a dual version of this would be cool one with the debug options and the rest and one just for players that auto boots the disc directly instead of selecting start game and a wait time for debug to be selected

    If this does end up with Action Replay support & Memory Card support either in-game that would be very cool indeedy (especially for Shining Force III that later does require an external Memcard in game to continue a save in later scenarios) or just restore the way the Action Replay done it, then Memory Management and Action Replay codes options are a must

    Flashing the kit would be even better if eventually codes are added if you can set up a small app to build a CD with a custom codes list in simple text format, perhaps a code list creator or even a way to copy codes into the binary AR bios prior to re-flashing


    I'm not sure if the official Memory Card can but the Datel Memory Card can't be used on the fly,
    you must have that inserted on boot for the games or the bios to see it,
    though if the official Memory Card works on the fly...
    i.e. can be inserted at any time it might be worth me buying one.
    Though last time I thought I was buying one and it ended up being a Datel one
    though the one I have must use a flash chip instead of a battery as it has no battery in it
    does anyone know if the official one works on the fly as described?
     
  17. zorlon

    My last update to the compat list for a while as I used my last CD-R for now, well until I buy some more

    Added apx 25 more games (not sure as a couple are multi disc games)

    2 more games with issues
    Horde, The (US) that boots to a black screen (I will check the disc image works later)
    Panzer Dragoon II Zwei (US) seems to have the same issue as Panzer Dragoon Saga (EU) & (US), it crashed to a black screen before it takes you in-game

    Both the above do not reset the Saturn once the black screen is hit and you hit eject as it does with Panzer Dragoon Saga so I am assuming that the crash is the same for all 3 games (I could be wrong though)


    Already established Croc as having issues also but this happens without an Action Replay with a retail disc also, but normal fixes don't seem to help PSEUDO overcome the missing textures issue, I wonder if the issues are still there with a v2 Saturn
     
    Last edited: Jul 24, 2014
  18. -=FamilyGuy=-

    @zorlon, CWX and jhl are publishing their findings in an open-source way. There's already nothing but knowledge stopping you (or someone else) from doing a version of the AR loader that boots straight to game and doesn't wait for debug options. My point is that you should not worry too much about the lack of AR-cart support. I'm pretty sure it'll be kept and if not, someone with enough knowledge could totally use the info released so far to do his own version.

    The Saturn bios has already been patched to add region-free compatibility, it's a moderately difficult mod that's quite popular on here. If jhl's exploit for booting cdr would be incorporated into it, it sure would be quite more popular.

    AFAIK, the AR decides which mode it's in via some wise-guessing. Maybe the reason it doesn't work "on-the-fly" is because it isn't in the memorycard mode when hot-plugging?
     
  19. zorlon

    I have a Datel Memory Card, it has no Action Replay features it's only a Memory Card so it does not load up any menus or anything like that, it just acts as a normal Memory Card, that is the device I was talking about, I was just curious if the official Memory Card works when plugged in after a game boots up or if it only works if the console is booted with the card in to start with.

    The Action Replay is not seen as a Memory Card at all in the bios or by any games (It was/is just used to backup and restore save data) and wasn't what I was asking about to be honest and I'm sure the Action Replay codes and Memory card features will come, not in any great rush there at the moment though anyway.
     
    Last edited: Jul 24, 2014
  20. Madroms

    Some non-official memory cards, mostly the ones with huge amount of save space, use a bootloader to work and without anything shown on screen at startup. So for those, you need to have them plugged at startup to use them. I think the Datel Memory Card is one of them as the bootloader needs to be launched.
    The official memory card does not have a bootloader. And from memory, it works when inserted on the fly.

    Btw, really great works have been done here. I am really happy to see people involved in the Saturn dev lately.
     
