If you lived through the Y2K fiasco, you might remember a lot of hype with almost zero real-world ramifications in the end. As the calendar year flipped from 1999 to 2000 many forecast disastrous software bugs in machines controlling our banking and infrastructure. While this potential disaster didn’t quite live up to its expectations there was another major infrastructure problem, resulting in many blackouts in North America, that reared its head shortly after the new millennium began. While it may have seemed like Y2K was finally coming to fruition based on the amount of chaos that was caused, the actual cause of these blackouts was simply institutional problems with the power grid itself.
Ask any security professional and they’ll tell you, when an attacker has hardware access it’s game over. You would think this easily applies to arcade games too — the very nature of placing the hardware in the wild means you’ve let all your secrets out. Capcom is the exception to this scenario. They developed their arcade boards to die with their secrets through a “suicide” system. All these decades later we’re beginning to get a clear look at the custom silicon that went into Capcom’s coin-op security.
Alas, this is a “part 1” article and like petulant children, we want all of our presents right now! But have patience, [Eduardo Cruz] over at ArcadeHacker is the storyteller you want to listen to on this topic. He is part of the team that figured out how to “de-suicide” the CP2 protections on old arcade games. We learned of that process last September when the guide was put out. [Eduardo] is now going through all the amazing things they learned while figuring out that process.
These machines — which had numerous titles like Super Street Fighter II and Marvel vs. Capcom — used battery-backed ram to store an encryption key. If someone tampered with the system the key would be lost and the code stored within undecipherable thanks to “two four-round Feistel ciphers with a 64-bit key”. The other scenario is that battery’s shelf life simply expires and the code is also lost. This was the real motivation behind the desuicide project.
An overview of the hardware shows that Capcom employed at least 11 types of custom silicon. As the board revisions became more eloquent, the number of chips dropped, but they continued to employ the trick of supplying each with battery power, hiding the actual location of the encryption key, and even the 68000 processor core itself. There is a 6-pin header that also suicides the boards; this has been a head-scratcher for those doing the reverse engineering. We assume it’s for an optional case-switch, a digital way to ensure you void the warranty for looking under the hood.
Thanks for walking us through this hardware [Eduardo], we can’t wait for the next installment in the series!
You may still have some luck getting those selfies off of your SD card, even if it will no longer mount on your computer. [HDD Recovery Services] shows us a process to directly access the NAND memory of a faulty micro SD card to recover those precious files you thought about backing up but never got around to.
On a Micro SD card you may have noticed there are two slightly longer pins than the rest. These are VSS and VCC pins. As long as they are not a dead short between the two the SD card controller isn’t completely trashed and we can go ahead and get into that little sucker. With a bit of know how — along with sandpaper, enameled wire, and a NAND reader — an image of your lost data can be recovered with a bit of patience and some good soldering skills.
Working your way down from a relatively high grit sand paper, slowly sand away the plastic on the underside of the SD card until you can clearly see the copper traces hidden away inside. Then solder your enameled wire onto the small solder pads to hook it up to a NAND reader and you should be able to read the data that was previously unreachable via conventional means. Of course you’re still going to need to make sense out of the NAND dump. That’s a topic for a different article.
If you ever find yourself in need of an SD card recovery tool you could always roll your own DIY NAND reader. We will likely give this process a try just to play round with the concept. Hopefully we’ll never need to do SD card recovery!