Saturday, March 10, 2018

Taito C-Chip: data by lobotomy

In a previous post we described some early attempts to analyze the Taito C-Chip. See Haze's forum post for some background on the C-Chip itself.

In particular we're interested in the EPROM. Previous efforts focused on less invasive techniques with the goal of keeping the C-Chip alive after dumping. Unfortunately, we've been unable to successfully send an unlock command and efforts to rebond the EPROM die have been difficult with the equipment we have on hand.

With this in mind, we took a break to regroup. If we remove the ASIC we can solder to PCB traces shared with the EPROM. Traces are documented in our wiring diagram:

Which allows us to make an attack (soldering) plan:

The basic idea is to mill and etch away the purple masked area to expose the PCB. Then, solder wires as indicated by the green dots.

A few issues, but nothing too bad. First, this implies requires removing the ASIC to have enough room to work. As there is not a reliable way to safely remove it (or easily put it back for that matter), this means killing the module. Second, the PCB traces are roughly 6 mil (ie 0.006" => 0.15 mm) width and roughly 12 mil (0.3 mm) pitch. These are non-trivial to solder, although doesn't require as much precision as hand wire bonding (roughly 0.1 mm pads at 0.2 mm pitch). Sort of like soldering a bunch of "0201" size resistors in close proximity.

Lets get started. First, take a c-chip:

Mill it to near PCB:

We went about 2.5 mils down at a time until the ASIC paddle just starts to show. You can see bits of shattered die clinging to the paddle corners.

Then use acid to fully expose PCB:

Next tin areas where we'll make connections:

Now mount to protoboard:

And wire up:

Which successfully dumped the EPROM!

A little hard to measure, but it takes roughly 3 hours per module using this technique. Definitely better at soldering since starting this project.

To date we've dumped Volfied, Superman, and Bonze Adventure (not shown):

Volfied (top) was our first attempt and has the CPU removed due to some early issues getting a dump. We thought the CPU might have been driving some control lines, but it turned out to actually be some solder debris shorting out the power rails. Surprisingly our programmer didn't generate any error messages (over current, continuity, etc).

We have a few more chips in the pipeline that we expect to finish over the next couple of weeks. We're still figuring out which chips, if any, we still need to source to cover all known games.

We've also continued to think about the best ways to keep the module alive. There are still a few options like decapping the area between the dies and using a laser cutter to isolate the EPROM control lines from the ASIC. This is a littler riskier though as we might accidentally sever a bond wire or corrode EPROM pads. For example, if any solder crept to the bond wire it would dissolve the gold, severing the connection.

Finally, what about keeping the PCBs alive after the C-Chip lobotomy? At this point we're thinking the best option is to design a C-Chip compatible module. We know the CPU, have the firmware, and have a reasonable understanding about how the ASIC works. We suspect with a little fiddling one should be able to figure out the remaining details. That said, we'd like to focus on the extracting data rather than repairing PCBs. So this may be left as an exercise to the reader.

Enjoy this post? Please support us on Patreon! Note: with the Indiegogo campaign over we unfortunately don't currently have a way to accept one time donations.

EDIT: Rainbow Islands dumped!

Wednesday, February 14, 2018

Decap C016: GMS' MJ-DFMJ (PIC16F84)

Sounds like there's some debate as to what this game is called, and we couldn't find much info elsewhere about it either. The EPROM's have "MJ-DFMJ" stickers, so we're rolling with that for now.

It has a secured PIC16F84 here:

A sample PIC16F84 was decapped to yield:

With the main memory areas as:

We then live decapped a few:

And put them into a UV EPROM eraser but, while flash and EPROM were erased, the security fuse was not. No dice either using angled erasure even with varying angles and long erasure time.

Time to regroup. Where are the fuses on the die? These seem like a good candidate:

Such that the metal rectangles are shielding. Configuration words correspond to 4 14 bit (56 bit total) user configurable words and 1 general configuration word that's either 4 or 14 bits depending on how literally you interpret the datasheet. The left grouping has 6 * 8 rectangles above and 2 * 3 rectangles below = 54. Close, but not quite right. This area is still plausible if you count adjacent rectangles, but more likely these are capacitors for ADC or something of that sort.

But not to worry. Part of the reason we agreed to do this part is that there are several known attacks against it. First, there are voltage glitching attacks. Second, the same author also mentions that PIC16F84 is vulnerable to optical glitching (pg 104): "The light from the 20 W halogen bulb installed inside our probing station microscope’s illuminator".

Optical glitching is somewhat straightforward to try out, so we started with that. One risk with optical glitching though is that it can cause the chip to latchup (short out), destroying it. Fortunately we have a high end programmer that cuts power if it detects unusual power draw. Anyway, first a sample chip was decapped live. Then, we enabled protection and started repeatedly reading the chip. At the same time we shined a red 5 mW laser pointer randomly across the die and observed responses. Unfortunately, this didn't do much...maybe gave a few bad reads. However, we re-tried with a green 5 mW laser pointer and got it to dump its contents despite being protected!

Unfortunately, this was really hard to reproduce. Fortunately Tim the Toolman Taylor taught us the solution to every problem: MORE POWER! We switched to a 200 mW 650 nm red laser and got more reliable dumps.

We were able to roughly narrow it down to the lower right of the die (relative to above images) but for various reasons decided to get more specific information. Targeting a region also reduces the chances of latchup, although tests showed that the programmer was sufficiently protecting against everything we tried.

Towards that goal we put the sample on our microscope XY stage and tried to trigger glitches using its illuminator. Unfortunately, we were unable to get any responses at all, protection or otherwise. However, we know the high power red laser works reliably. So we mounted it to the microscope XY stage and recorded responses. This roughly gave:

  • Red: power out of spec / overcurrent shutdown
  • Green: protection disabled
  • Gray (hard to see): no response
  • The left and bottom (beyond the red/gray) are not entirely in the scan
Close up of this region:

There are 14 repeated units, so its plausible this is the configuration word. Presumably shining the laser here forces the entire configuration word to all 1's, unlocking the chip.

With this in mind we decapped the real PIC16F84 and repeated the attack, successfully dumping its flash and EEPROM. Victory!

We also did a few follow up experiments. First, we added neutral density filters to the high power red laser, attenuating the beam by 64x (ie <5 mW), and was still able to dump. Second, we re-tried microscope illumination glitching and were able to get this region to glitch:

Which is in this area:

Shrinking the region or moving away removes the glitch. Other regions may work; it wasn't investigated thoroughly. 100x magnification was required at max power (50W bulb, no polarizers, etc).

We also have an AT89C51 in the pipeline from the same board, but are hitting a snag related to getting samples successfully programmed. Hopefully this will be resolved soon and we'll shortly have a follow up post.

Special thanks to EdHunter for supporting this project!

Enjoy this post? Please support us on Patreon! Note: with the Indiegogo campaign over we unfortunately don't currently have a way to accept one time donations.