Dropping Acid with the N64: Cloning a 20 Year Old Copy Protection Chip

Presented at ToorCon San Diego 17 (2015), Oct. 24, 2015, 6 p.m. (50 minutes).

This presentation covers our successful efforts to reverse engineer and clone the Nintendo 64’s copy protection chip: the N64 CIC. We describe the processes and techniques we used to finally conquer this chip, nearly 20 years after its introduction. Nintendo’s NES, Super NES, and Nintendo 64 used a series of copy protection chips known as CICs. As the consoles grew more sophisticated, so did the chips. While the NES and Super NES CICs have been cracked and cloned, up until recently the Nintendo 64’s has remained an elusive target. Our team approached this chip by exposing the die (decapping) and optically imaging it, including its mask ROM. Through visual inspection we determined the CPU core and instruction set, and we were able to extract the program code from the mask ROM. We wrote an emulator on PC and ultimately cloned the chip on a PIC microcontroller. We also discuss using similar techniques to attack, reverse engineer, and clone the console-side chip, the PIF.


Presenters:

  • Mike Ryan
    Mike Ryan leads eBay’s Red Team, sniffs Bluetooth, and loves old video games.
  • John McMaster
    John McMaster decaps, x-rays, and does other unspeakable things to chips in his garage. The garage is legitimately scary (and possibly haunted).
  • marshallh
    Marshall likes building hardware. Recently he designs and sells various things mostly related to retro gaming hardware. An unapologetic Altera fanboy, FPGA stuff is where he spends most of his time.
