- 234: World Beach Volleyball
- 241: Ultimate Mortal Kombat
- 242: World Rampage
- 139: Invasion (some bits)
- 227: Action Hollywood (some bytes)
These chips are a bit unusual in several ways. First, they use 12 bit words. Second, code protection intentionally leaks a 4 bit xor of the 12 bit words. Therefore, even with protection enabled you can glean quite a bit about the firmware. We went with a UV attack, but this might also make them vulnerable to programming one nibble at a time and observing the xor difference. Anyway, all chips are dumped as received ("protected dump").
Same idea as the 8751: mask the main EPROM while keeping the security fuse exposed to UV light. All chips were still packaged when received. The first three were easy:
But 227 was received in poor condition:
Pins straightened, but pin 1 still missing. Some debate about whether it was necessary, but couldn't get a good dump without it
Tried soldering but couldn't get anything to stick:
So ground down the package to get more grab:
Which allowed soldering on a pin (solid wire):
but this kept snapping off in the ZIF socket due to slight misalignment. So instead fitted something more flexible:
and got a dump (after de-protecting).
Unfortunately, the protected dump indicates that the first 0x40 words were 0'd. We hoped that de-protecting was going to shed more light on this but did not. Its unknown if this was accidentally erased at some point, the silicon is damaged, or what. Finally, we do not believe we accidentally programmed this. Aside that we don't recall issuing a program command, our programmer defaults to 0xFFF, not 0x000.
139's protected dump has only 2 / 4 bits and the unprotected dump has only 3 / 12 bits. No die damage is visible. We do not yet have a theory as to what happened to this chip.
To summarize, 234, 241, and 242 were dumped successfully. We believe 139 was corrupted before we got it. Similarly, 227 was received bad and its unclear if we can fix it. If the community has replacements for 139 or 227 we'd like to acquire them rather than spending more time investigating.
Enjoy this post? Please support us on Patreon or Indiegogo!
No comments:
Post a Comment