The ChipWhisperer adapter plugged into a ChipWhisperer, with the STM chip mentioned soldered on

ChipWhisperer Adapter Helps Reverse-Engineer A Controversial Game Cartridge

The ChipWhisperer has been a breakthrough in hobbyist use of power analysis and glitching attacks on embedded hardware. If you own one, you surely have seen the IDC and SMA sockets on it – usable for connecting custom breakouts housing a chip you’re currently probing. Today, [MAVProxyUser] brings us a ChipWhisperer adapter for STM32F446ZEJx, which comes in a UFBGA144 package – and the adapter has quite a backstory to it.

In the retro gaming world, a crowdfunding campaign for a game called PAPRIUM saw huge success getting funded in 2017. However, the campaign has grossly underdelivered throughout the last five years, and out of those rare cartridges delivered to backers, quite a few have faulty hardware. Getting replacements isn’t realistic at this point, so the repair attempts and game preservation efforts have been ongoing. Trouble is – there are protection mechanisms against dumping the cartridges, and one of the protection mechanisms is the built-in flash read protection of the aforementioned STM32 found on the cartridge. This board adapts the chip to a ChipWhisperer interface for protection bypass exploration, and has quite a few configuration jumpers anyone facing a similar chip is able to use – Eagle files are out there as well, in case your chip needs a slightly different approach.

With reverse-engineering underway, are we likely to see this cartridge’s defenses fall? Our assessment is ‘yes’ – it’s not like there’s a shortage of mechanisms for bypassing security; from modchips to EMP attacks to blasting the die with a laser, hardware-reliant security is, still, quite bypassable. All in all, despite the drama around the project, this is one more reference design for the ChipWhisperer, and a fun journey to look forward to.

That Time Atari Cracked The Nintendo Entertainment System

It was the darkest hour for the video game industry following the holiday shopping season of 1982. The torrent of third-party titles had flooded the home video game console market to the point of saturation. It incited a price war amongst retailers where new releases were dropped to 85% off MSRP after less than a month on the shelves. Mountains of warehouse inventory went unsold, leaving a company like Atari choosing to dump the merchandise into the Chihuahuan desert rather than face the looming tax bill. As a result, the whole home video game industry receded seemingly overnight.

One company single-handedly revived video games to mainstream prominence. That company was Nintendo. They’re ostensibly seen as the “savior” of the video games industry, despite the fact that microcomputer games were still thriving (history tends to be written by the victors). Nevertheless, their Nintendo Entertainment System (NES) was an innovative console featuring games with scrolling screens and arcade-like sprites. But the tactic they used to avoid repeating the 1983 collapse was to tightly control their market using the Nintendo Seal of Quality.

From the third party developer perspective, Nintendo’s Seal of Quality represented more than just another logo to throw on the box art. It represented what you could and couldn’t do with your business. Those third party licensing agreements dictated the types of games that could be made, the way the games were manufactured, the schedule on which the games shipped to retail, and even the number of games your company could make. From the customer side of things that seal stood for confidence in the product, and Nintendo would go to great lengths to ensure it did just that.

This is the story of how an Atari subsidiary company cracked the hardware security of the original Nintendo and started putting it into their unofficial cartridges.


Remember When Blockbuster Video Tried Burning Game Cartridges On Demand?

By the onset of the 1990s one thing was clear, the future was digital. Analog format sales for music were down, CD sales were up; and it was evident, at least in the US, that people were bringing more computing devices into their homes. At the beginning of the decade, roughly 1 in 3 American households had a Nintendo Entertainment System in them, according to this Good Morning America segment.

With all those consoles out there, every shopping season became a contest of “who could wait in line the longest” to pick up the newest titles. This left last-minute shoppers resorting to taking a rain check or returning home empty-handed. Things didn’t have to be this way. The digital world had emerged and physical media just needed to catch up. It would take an unlikely alliance of two disparate companies for others to open their minds.


Flash Game Cartridge For The VIC-20


[Petri]’s first computer was the venerable Commodore VIC-20, predecessor to the Commodore 64. With only 5kB of RAM, a very simple graphics chip, and BASIC, it’s a bare-bones system that’s perfect for a 7-year-old future programmer. [Petri] was trying to figure out something to do with this old computer, and realized the simple schematic would allow him to recreate those classic VIC-20 cartridges using modern hardware.

This project began by cracking open a few game cartridges to see what was inside. They’re very simple devices, consisting of a decoupling cap and a ROM chip wired directly to the data and address busses. [Petri] desoldered the ROM and replaced it with a ribbon cable that would give him a clean breadboard to VIC-20 expansion port interface.

Instead of finding a contemporary EEPROM chip to program, [Petri] decided on using a Flash chip. The original cartridge had a 16kB ROM chip, but the smallest parallel Flash chip he could find was 256k. No problem, then; just ignore a few address lines and everything worked out great.

After getting the VIC-20 reading the breadboarded Flash chip, [Petri] started work on a circuit that would program his Flash chip while still attached to the expansion port. With a few buffer chips and an ATMega32a loaded up with Arduino, he’s able to program the Flash chip and turn it over to the VIC-20.

A simple test that toggled the color of the screen as quickly as possible was all that was needed to test the new circuit. Now, [Petri] can finally start on programming some games for his first love.


Miniaturized N64 Controller Fits The Tiniest Of Hands


The controllers that came with the Nintendo 64 don’t exactly measure up to the “Duke” of Xbox fame, but they’re not the smallest in the world either. Made by Bacteria forum member [Bungle] says that his girlfriend has incredibly tiny hands, so he thought he might try trimming some of the fat from an N64 controller by cramming its components into an N64 cartridge.

He tore down a 3rd-party N64 controller, tossing out the D-Pad, plug, and rumble motor, retaining all of the other buttons. After gutting the game cartridge, he heated the back side under a lamp and stretched the plastic over a roll of electrical tape to make room for the N64’s trademark “Z” button. Having only removed the rumble motor due to size constraints, he found a suitable replacement at Radio Shack, which fills in for the original nicely.

After a good amount of careful trimming, wiring, and mounting, he came up with the little gem you see above. We’re sure [Bungle’s] girlfriend is pleased with his work, and he seems happy with how it came out as well.

Continue reading to see a short video showing off [Bungle’s] latest creation.

[Thanks, Chris Downing]
