
Deconstructing Sega's System 16 Security – Part 2, Hacker News

Sega’s FD 1127 security module reverse engineering

The FD module variants from Hitachi / SEGA were fabricated in a plastic case; on the back of the module an epoxy layer is visible, together with two rows of pins arranged as a DIP 98. This arrangement mimics a standard CPU, as intended by SEGA.

The sample shown below features the SEGA code – , which indicates the module was used as part of an Enduro Racer game board.

As is, the module measures 8. (cm by 2.) cm, not a small piece for a CPU.

The plastic case features a top cover providing access to the battery container. As shown below, as many as three batteries could be fitted at once, perhaps allowing for longer data retention configurations. All modules I’ve seen myself make use of one battery slot only.

Hitachi seemed to keep everything in-house by employing Hitachi Maxell CR – 3 volt batteries. This one was dated week , long enough!

For some reason a white-looking dust was found all over the inside of the battery container, a battery byproduct over the years?

Lastly, there’s a big letter B stamped; this corresponds to the specific module type under review: FD B. Modules with an A stamped inside correspond to FD 1112 A variants.

X-ray glasses on so we can see what it looks like inside; this is one of the fun parts of the project. For the first time you get a look inside and start trying to make sense of the internals. This one is busy and is no standard IC in a package. Time to start planning an attack.

In order to try to gain clean access inside, we tested the epoxy with a strong paint remover for a few days.

Unfortunately this did not produce any significant results; the epoxy in the FD 1127 is well formulated and resistant to this type of attack.

By employing a combination of heat and patience, it is possible to separate the plastic case from the epoxy block.

A weak spot in the epoxy curing, caused by trapped air, was discovered; this allowed for a unique early view of the shiny internal PCB, as shown below.

Time to keep going deeper and plan the attack on the epoxy. First, a few measurements are taken to record the dimensions in case they are needed later on. The epoxy block on its own measures 8. (cm by 2.) cm.

With the help of higher-resolution X-rays we start to get a full picture of what’s going on in there, e.g. enumerating the devices, guessing the purpose of each device, producing early diagrams, etc.

As shown below, the FD 1125 uses a total of four different chips in its operation. Left to right: a custom IC (this is where the security magic happens), a CPU, an SRAM chip, and an MB voltage monitor (when needed, this takes care of switching power from VCC to VBATT and vice versa).

The first three chips are HITACHI bare dies glued directly onto the top of the PCB; the MB is a full package, a surface-mount device soldered on the back of the PCB.

Next, we need a fully validated understanding of the internal interconnect (i.e. how things connect to each other and to the outside).

The tool of choice for this project was a precision CNC, nothing fancy, just a standard AliExpress-sourced kit. The goal here is milling precise enough to reveal the circuit while avoiding fatal damage to the interconnect and chips, especially the custom IC.

Hours later, a significant part of the copper surface is fully exposed and the custom IC preserved in place, though this didn’t come without surprises and a couple of broken drill bits. Just below the IC you can see another unexposed rectangular area; this turned out to be a ceramic insert placed there during fabrication to protect access to a sensitive area of the module.

At this point a further donor module was Dremeled down bare to understand how many more ceramic inserts there were. In total the FD 1192 module has four ceramic inserts, two on the front and two on the back, shown below in white; they protect key SRAM signals such as the data bus to prevent extraction of the encryption key through direct drilling.

At this point I was convinced this module was probably very expensive to produce back in the day.

To illustrate the above, take the following example and visual representation: four data-bit vias from the SRAM are covered with ceramic both at the origin near the SRAM and at the destination close to the custom IC.

Beyond being cool and almost a craft, I’m not sure why this was done: if an attacker could drill from above with the intention of making contact, they could do so at other parts of the circuit by exposing the copper; you don’t need a via specifically for that.

More hours of careful drilling allow us to gain access to further key areas of the PCB; when this process is completed we can move on to the next part of this reverse engineering.

Diagramming the interconnect and how the chips relate to each other is a critical step before we proceed to examine any deep-down chip logic.
