The Nintendo GameCube was the first console from Big N with disc-based media. Gone were the cartridges that were absurdly expensive to manufacture. In theory games could be cheaper (yeah, right), and would hold more textures, pictures, and video. Around the time the GameCube hit shelves, your basic home computer started getting DVD burners, and you could walk into Circuit City and buy those tiny little DVD-Rs. But you couldn’t do it. You couldn’t burn GameCube games, at least without advanced soldering skills.
One company did. Datel, a British company that produced the Action Replay, the ‘Game Genie of the GameCube’ figured out how to get around the GameCube’s disc protection. Not only that, but in a decade and a half since the Action Replay came to market, no one has managed to copy their methods. In a fascinating video, [Nathan] takes us around the disc to see how this disc protection scheme actually worked, and how to exploit it to load homebrew games from an SD card.
The Nintendo GameCube disc format is almost, but not quite, the same as a DVD format. On (nearly) every DVD, and almost every GameCube disc, there’s a ‘barcode’ of sorts on the inside of the optical tracks. This burst cutting area (BCA) is unique to every copy that comes off a single master. Additionally, this BCA can only be cut with a YAG laser that’s significantly more powerful than the laser diode in a DVD writer.
But the Action Replay disc from Datel didn’t have this BCA. Why not? The BCA effectively writes over the pits and lands in the first blocks of data in a DVD. Since the BCA is written over data that is already there, you can just encode whatever data the BCA should hold into the raw data of the pits and lands. It’s a brilliant technique that allows consumer equipment to create the Action Replay disc. But surprisingly, this technique wasn’t popularized with the GameCube homebrew scene.
Not that it really mattered, anyway; modchips existed, and with the SD to Memory Card adapter you could run homebrew works without having to burn a disc. That’s exactly what [Nathan] did with his GameCube setup, you can check out the video below.
This thread may be relevant to your interests: https://twitter.com/supersat/status/997292717632765952
“The Nintendo GameCube was the first console from Big N with disc-based media.” Thats not entirely true, there was the N64 DD before ;)
And the Famicom Disk System as well.
Perhaps “first optical-disc based media” would be more appropriate.
Disc != Disk *scnr*
“Disk” typically refers to electromagnetic storage mediums (FDS, 64DD, Floppies) while “disc” typically refers to an optical storage medium (CD, DVD). The author is correct. :)
“disk” (sic) is the USA spelling of the English word “disc”.
The American spelling tends to be used for computer and music media, mostly because of market saturation and all the other English speakers in the world just giving up on the correct spelling for these uses.
Nope wrong….. Like Nate says, Disk= EM storage while Disc = Optical media. It’s that way here in the US just like the rest of the world. I mean that’s what they taught us when I got my frikkin degree in computer information systems back in the day.
Wrong.
USA:
Disc = optical storage
Disk (Diskette) = magnetic storage
1 year and 7 months later. And I am even more distant than THAT from this comment. I wonder if Love can bloom on the Battlefield…
Yes you can use Minidiscs. Although why would you want to?
Apart from them literally being common as dirt and essentially compatible with existing CDR drives?
Interestingly its possible if you are careful to mod them if there is a way to calibrate the spindle diameter.
That’s mini CD rather than minidisc. Minidisc is the magneto-optical storage medium from Sony. Although they were just the best back in the early 2000s
Actually it’s a mini DVD. ;-)
I also remember a guy who wrote a discloader over ethernet. It uses a starfox (?) Exploit to load a stub and then stream the dvd from a pc over ethernet. I remember he showed picture on irc playing animal crossing.
A PSO bug? That at least was the famous bug that lead to network loading of code.
A breakdown of the (now public if not open) source for XenoGC would be very cool too.
PSO was the game tbat he exlloited. Cannot remember the name of that guy too.
Had a great time back then :D
Im still confused what Datel did and how Nintendo protected their disks. this video just showed that Datel could make bootable disks. https://debugmo.de/2008/11/anatomy-of-an-optical-medium-authentication/ I kinda get it but still dont
As far as I’m aware GC discs had 2 copy protection systems. They had the BCA which the GameCube would read to check it exists and sometimes use the data in copy protect systems buIlt in to the game.
And the discs where constant angular velocity as opposed to constant linear velocity like a regular DVD and as far as I’m aware CAV dvd drives were rare back then outside of some DVD camcorders.
If you can master a disc AFAIK it’s fairly easy to emulate both.
Datel had a special header that replicated a BCA.
Most modchip interface the optical drive debug header and put the drive into debug mode AFAIK
Agreed.
Nintendo masters a regular(*) DVD, produces them, and then destroys a few sectors by using a high-powered laser to cut 6 radial “marks” in ~equal angles, right outside to the BCA (Burst Cutting Area; roughly ~188 bytes of information). Those “marks” will corrupt ~50 bits for each track that they cross. Each disc has the marks at a slightly different position.
Nintendo then identifies a few sectors that are corrupted, and measures the distance from the sector header to the cut (and width) in bits, i.e. at sub-micrometer precision. Nintendo takes these measurements, signs(**) them, and writes a BCA with that data. Each BCA is hence unique.
The Gamecube then reads the BCA, decodes the information where the marks should be, seeks to the indicated sector, measures the distance of the sector header to the beginning of the defect, and verifies that it’s in the expected place. (The Gamecube also does more steps which are generally not well researched.)
Now if you have all the same equipment that Nintendo has, you could build a DVD, add marks, measure the marks, write a BCA – but you could not _sign_ the data, as there’s a private key required.(***), so you couldn’t produce a BCA that matches your marks.
Instead, you could attempt to just copy an existing (signed) BCA, and put the marks at the same position as the donor disc. But you have to hit the bits at the exact right position (again, sub-micrometer precision) – wow, that’s hard.
The perfect system?
Turns out, no. Because you don’t _have_ to put the marks on the disc by burning them with a laser after the disc production. Instead, you can just embed them into the bitstream, and basically write data to the disc that looks _very very similar_ to a cut mark – similar enough to fool the reader. But because now it’s part of the data, it’s trivial to align them to the right place relative to the rest of the data. It’s basically “just” writing a sector with very custom data.
So that’s what Datel did: they copied an existing BCA, measured the “marks”, and just wrote a bitstream that makes the reader see the marks at the right places. They are not real holes in the disc anymore, but the reader doesn’t care. They don’t align radially anymore – but the reader doesn’t care. (Plus they simulated the other elements of the copy protection)
Please don’t talk about “Barcode”, “CAV vs. CLV” or even the disc turning into the wrong directions. That’s all misleading at best, and just plain wrong at worst.
(*) well, with custom sector layout, non-standard file system etc., but all of that isn’t related to the actual copy protection.
(**) Except it’s not a proper signature. Crypto is hard, let’s go shopping.
(***) Except, well, crypto is hard, and no private key is actually required.
I have been investigating and looking at dumps of Action Replay & Freeloader on the internet.
The one thing that stands out the most is the BCA data. The data is the same across USA and EUR dumps. I am not sure about JPN because i cant find the dumps of those AR or Freeloader discs on the internet.
The earlier packaging on Freeloader supports this.
I wonder if the BCA data used on these discs are Universal meaning they will work across all regions of Gamecube?
I can only surmise that a hacker was employed to read the BCA data from a service disc, and utilised its data to create a bootable . iso image.
BTW: there are (were) Gamecube mod chip kits that allowed the use of regular size CD-r by replacing the upper half of the console housing. I have a NTSC Gamecube that has been modded this way in my collection.
Nature…. Finds a way.