Dropping Acid with the N64: Cloning a 20 Year Old Copy Protection Chip

Presented at ToorCon San Diego 17 (2015), Oct. 24, 2015, 6 p.m. (50 minutes)

This presentation covers our successful efforts to reverse engineer and clone the Nintendo 64′s copy protection chip: the N64 CIC. We describe the processes and techniques we used to finally conquer this chip, nearly 20 years after its introduction. Nintendo’s NES, Super NES, and Nintendo 64 used a series of copy protection chips known as CICs. As the consoles grew more sophisticated, so did the chips. While the NES and Super NES CICs have been cracked and cloned, up until recently the Nintendo 64′s has remained an elusive target. Our team approached this chip by exposing the die (decapping) and optically imaging it, including its mask ROM. Through visual inspection we determined the CPU core and instruction set, and we were able to extract the program code from the mask ROM. We wrote an emulator on PC and ultimately cloned the chip on a PIC microcontroller. We also discuss using similar techniques to attack, reverse engineer, and clone the console-side chip, the PIF.

Presenters:

• marshallh
  Marshall likes building hardware. Recently he designs and sells various things mostly related to retro gaming hardware. An unapologetic Altera fanboy, FPGA stuff is where he spends most of his time.
• John McMaster
  John McMaster decaps, x-rays, and does other unspeakable things to chips in his garage. The garage is legitimately scary (and possibly haunted).
• Mike Ryan
  Mike Ryan leads eBay’s Red Team, sniffs Bluetooth, and loves old video games.

Similar Presentations:

• HOPE 2020 Virtual Rescheduled / Intro to Game Hacking on the NES
• REcon 2015 / Reversing the Nintendo 64 CIC: Reversing a 20 year old copy protection chip
• The Next HOPE (2010) / Introduction to the Chip Scene: Low Bit Music and Visuals