First, we've we've created a Twitter account to help announce blog posts! As always, Patreon supporters get early access, but we'll tweet once they become public.
Anyway, in a previous post we mentioned a new shipment. We've been working it over and have a bunch of updates!
These are similar to other PIC16C5X we've done and were dumped using a UV mask roughly around the EPROM.
Next we targeted SemiCom Hatch Catch's Intel 87C52 (246) because we had dumped an Intel 87C51 and it seemed likely we'd be able to extend the attack. However, decapping yielded a surprise:
It's not an 87C52! After a little digging, it's become apparent that Intel 87C52 isn't a real part. Rather, it's a marketing name for the smallest member of the 87C51FX series marketed to people familiar with 8751/8752 differences.
In any case, this wasn't so bad as we heard there was a laser glitch attack against Intel 87C51FA. The basic idea is to randomly flip transistors with a laser until you find one that happens to unlock the chip. After a little prodding (100 mW green, 45 degree angle)...
...we found an area that unlocked the firmware! This resulted in a good dump for SemiCom Hatch Catch without any encryption applied (see for details on 8751 encryption).
Next we checked if we could extend the attack to the Philips 87C52 parts which are in various SemiCom games (ex: CHOKY!CHOKY!, 247). However we once again we encountered shenanigans with chip markings. Here are two chips that are both "P87C52EBPN":
Which are clearly different! Comparing logos:
So a similar scheme as Intel, but even within what should be the same model (P87C52EBPN) we are finding multiple dies. Without being familiar with Philips part numbering it's hard to say exactly why this is, but it's plausible some of these were remarked.
In any case, we explored a UV attack against 87C52 / XSC6644A as used in CHOKY!CHOKY!:
This is a very tight mask very close to data:
But it gets worse. It appears activating security involves row specific security fuses spread throughout the entire configuration section. So to fully unlock the chip you need to erase many fuses across the entire config column! With this in mind, we decided to use something with a naturally straight edge instead of making a tight nail polish mask along the entire column:
And above shows the actual mask used to dump CHOKY!CHOKY!
Next we looked at Philips 87C51RA+ which is used on several games such as SemiCom Dream World (248) and SemiCom Date Quiz GoGo (255). While we might be able to extend the masking attack on Philips 87C52, it was very touchy. With some experience with the Intel 87C51FA laser glitch, we wondered if Philips 87C51RA+ has a similar vulnerability?
And it does! This gave us what looked like encrypted binaries for both of these games. However, upon closer inspection Date Quiz wasn't encrypted, it just had an unusual structure. First, while most MCS51 binaries have a vector jump table at the beginning. Date Quiz immediately begins main() code. Second, most of the ROM is a large random binary. However, between these two it has a 00 filled section, the low entropy which indicates a trivial encryption key. Second, Dream World had a non-trivial key, but was FF filled at the end, which made the key trivial to extract.
Next, we wondered what else might be vulnerable to laser glitching? We tried Atmel AT89C51 and...
Much to our surprise we also found a glitch! We heard this part was likely going to require microprobing which, although not out of the question, was going to make it much harder.
This allowed dumping Quizard 2, German, TAB DN 122 D3 (C054) and Quizard 4, Czech, TS142 CZ1 (C057).
However, C057 has this near the end:
00000910 00 0a 14 02 00 0a 1e 03 00 0a 32 04 00 0f 1e 02 |..........2.....|
00000920 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
00000930 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
*
00000a00 ff ff ff ff ff ff ff ff ff ff fa ff ff ff ff ff |................|
00000a10 ff ff fa ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
00000a20 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
*
00000a40 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
00000a50 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
*
00000a80 ff ff ff ff ff ff ff ff ff ff fa ff ff ff ff ff |................|
00000a90 ff ff ff ff ff ff ff ff fa ff ff ff ff ff ff ff |................|
00000aa0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
*
00000ac0 ff ff ff ff ff ff ff ff ff ff fb ff ff ff ff ff |................|
00000ad0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
We often seem ROMs end in fill patterns like FF, but they should be solid without bit flips. So why do we think this is correct?
Let's dive a little deeper into our laser glitching approach. First, we program a sample with a known pattern and secure it. Next, we create a script that repeatedly reads the chip, saves the current read, and also displays the current read. While this is running, we sweep a laser around the die, focusing near EPROM, until valid looking data shows up. We then tweak the laser until we get a stable readout. In the case of C057, we held the laser stable and observed 40+ consecutive dumps with the same pattern. While we can't for sure rule out bit flips, this at least gives reasonable confidence the binary is correct. Finally, we also do quick disassembly of dumps to verify assembly looks mostly reasonable.
We also hoped to work on 8752BH, but had issues getting our samples programmed. We suspect they are faulty and have new samples on order.
So between PIC16C54, Intel 87C51FA (87C52), Philips 87C52 (P87C52EBPN), Philips 87C51RA+ (P87C52EBPN), and Atmel AT89C51 dumps this month, we so far have been 8 dumps in December!
Now for some less good news. We developed a technique to dump EPM5032DC which is used on some Sega System 24 games. Unfortunately we had some issues while decapping Quiz Mekuromeku Story (249) and Quiz Rouka Ni Tattenasai (250). Specifically 249 appears to have been scratched (above), and 250 is under evaluation. We are determining what can be salvaged and, having resolved the decap issue, are looking for replacements if available.
Enjoy this post? Please support us on Patreon or follow us on Twitter! Note: with the Indiegogo campaign over we unfortunately don't currently have a way to accept one time donations.
The hot air balloon with the Zia symbol is actually kind of interesting. The Phillips facility here in Albuquerque, NM USA closed years ago but I guess they were putting our local icons on their chip dies. Who knew?
ReplyDeleteFantastic news!
ReplyDeleteI'd love to see a video of what you folks go through to get the chips de-capped and dumped. I have read about the subject, but have never seen the process. Many thanks for your work from the whole MAME/Arcade Community :)
ReplyDeleteLook great how decap this, is a nice work
ReplyDeletei wish soon decapping the cps1 bootlegs pics
And merry xmas for al staff!