I’m glad to announce the successful reverse engineering of Sega’s System 16 cpu security modules. This development will enable collectors worldwide preserving hardware unmodified, and stop the general discarding of Hitachi FD modules.
The project is right now involving external testers so expect further details and full disclosure over the coming weeks.
For many years, finding how and where did Capcom hid away its security implementation has been a pending critical task for the arcade community. CPS2 systems running out of battery were rendered useless forcing collectors worldwide to perform board conversions or let go of their favorite games.
The 76477 Complex Sound Generation chip (1978) provided sound effects for Space Invaders1 and many other video games. It was also a popular hobbyist chip, easy to experiment with and available at Radio Shack. I reverse-engineered the chip from die photos and found some interesting digital circuitry inside. Perhaps the most interesting is a shift register based white noise generator, useful for drums, gunshots, explosions and other similar sound effects. The chip also uses a digital mixer to combine the chip’s different sound generators. An unusual feature of the chip is that it uses Integrated Injection Logic (I2L), a type of digital logic developed in the 1970s with the goal of high-density, high-speed chips. (I wrote about the chip’s analog circuitry last year in this article.)
I recently helped repair the card reader for the Computer History Museum’s vintage IBM 1401 mainframe. In the process, I learned a lot about the archaic but interesting electromechanical systems used in the card reader. Most of the card reader is mechanical, with belts, gears, and clutches controlling the movement of cards through the mechanism. The reader has a small amount of logic, but instead of transistorized circuits, the logic is implemented with electromechanical relays.1 Timing signals are generated by spinning electromechanical cams that generate pulses at the proper rotation angles. This post explains how these different pieces work together, and how a subtle timing problem caused the card reader to fail.
Here’s an informative part 2 of the Capcom CPS2 reverse engineering series by Eduardo Cruz:
Capcom’s Play System 2, also known as CPS2, was a new arcade platform introduced in 1993 and a firm call on bootlegging. Featuring similar but improved specs to its predecessor CPS1, the system introduced a new security architecture that gave Capcom for the first time a piracy-free platform. A fact that remained true for its main commercial lifespan and that even prevented projects like Mame from gaining proper emulation of the system for years.
As mentioned in my previous post, besides the broken LCD there was also an issue with the power supply portion of the unit and the output voltage was clamped at around 10 to 11V. The digital circuitry portion however seemed to be intact. Unfortunately since an identical LCD is virtually unobtanium, I thought I’d reverse engineer the LCD protocol so once the power supply is fixed I can fix the display by hooking up a different LCD.
Ken Shirriff writes, “A die photo of a vintage 64-bit TTL RAM chip came up on Twitter recently, but the more I examined the photo the more puzzled I became. The chip didn’t look at all like a RAM chip or even a TTL chip, and in fact appeared partially analog. By studying the chip’s circuitry closely, I discovered that this RAM chip was counterfeit and had an entirely different die inside. In this article, I explain how I analyzed the die photos and figured out what it really was.”
Pete posted an article taking a closer look at Maxim’s DS3231 real-time clock:
Fortunately, Maxim also offers the DS3231, which is advertised as an “Extremely Accurate I2C-Integrated RTC/TCXO/Crystal”. This chip has the 32kHz crystal integrated into the package itself and uses a built-in temperature sensor to periodically measure the temperature of the crystal and, by switching different internal capacitors in and out of the crystal circuit, can precisely adjust its frequency so it remains constant. It’s specified to keep time within 2ppm from 0°C to +40°C, and 3.5ppm from -40°C to +85°C, which means the clock would only drift 63 and 110 seconds per year, respectively. Very cool.
Intel’s first product was not a processor, but a memory chip: the 31011 RAM chip, released in April 1969. This chip held just 64 bits of data (equivalent to 8 letters or 16 digits) and had the steep price tag of $99.50.2 The chip’s capacity was way too small to replace core memory, the dominant storage technology at the time, which stored bits in tiny magnetized ferrite cores. However, the 3101 performed at high speed due to its special Schottky transistors, making it useful in minicomputers where CPU registers required fast storage. The overthrow of core memory would require a different technology—MOS DRAM chips—and the 3101 remained in use in the 1980s.3
This article looks inside the 3101 chip and explains how it works. I received two 3101 chips from Evan Wasserman and used a microscope to take photos of the tiny silicon die inside.4 Around the outside of the die, sixteen black bond wires connect pads on the die to the chip’s external pins. The die itself consists of silicon circuitry connected by a metal layer on top, which appears golden in the photo. The thick metal lines through the middle of the chip power the chip.