nesdev.org

Cutting pin 4 always worked fine for me (PAL-B area).

I don't quite get what's ''not working'' about the pin-4 to ground mod... Everybody that tried know that it does work. Maybe it was badly phrased?

Btw I wasn't trying to insult you with the "this shouldn't be stickied" thing. But it felt a little like you were trying to say this is an important issue everyone has to read about now. Which is what stickies are meant for. This thread doesn't really require priority over any other thread imo.

For example I don't recall the controller reading bug getting a sticky and that was imo MORE important to development than this.

Possible causes of discrepancy: revision specific, batch specific, what else?

maybe pointing out that it's a backdoor was the wrong thing for me to do
i don't want to get our friendly sharp "employee for hire" in any trouble

i'm jumping back on JCIC now so if i don't reply to this thread tonight that will be why

EDIT:

Jeroen wrote:Btw I wasn't trying to insult you

that's alright .. i was a little sleepy and the way you worded it sounded like poking fun at me.. it happens that's life

EDIT2: i know what the original code i posted is was meant to do now!

if the "out" instruction in the KILL_KEY code wasn't replaced with a "nop" turning key mode into a back door.. the RESET_HOST_IF_KEY code block would prevent someone from putting the lock in key mode and the hooking up a key in lock mode to bypass it the CIC... but it still wouldn't prevent anyone from just removing the lock chip and patching the reset signals

most programmers don't like being "locked out"..

just encase anyone is wondering KILL_KEY is called before the "blink" reset code if the CIC is in key mode and the data steam doesn't match what it wants

alright now i'm done here for the night.. off to AVR land i go

Do you have a full description of the instruction set and so on about CIC? (One thing I have read about it on esolang wiki is that it uses a linear feedback shift register to advance the program counter, but that is all.) Perhaps it can be known, and assembler and emulator can be written too?

disassembler and a C emulator have both been written (a few times)

i'll save you a little time and just say Segher figured out the instruction set and everything you need to know is on hackmii.com

releasing my free universal JCIC coded for the AVR family of MCU's this month along with all the easter eggs i found.. my project is a lock and key mode chip for both NES and SNES (all regions) .. the code may not be available at launch if it ends up being a pre-release though.. i'm going to be cracking the famicom box CIC that hasn't been dumped yet.. had to drop working on that part of the project so i can have a binary ready for nesinfinitelives ..

this thread is a good place for talking about the instruction set of the CIC.. but please only post about the JCIC in the relevant thread in the first post..

hope that's all legible... pm me if it's not and i'll fix it up a little

how did you check the code on the real chip?
IIRC only one of the 3193a and 6113 has been decapped so far?

LN

Lord Nightmare wrote:how did you check the code on the real chip?
IIRC only one of the 3193a and 6113 has been decapped so far?

3195a also.. if you mean the FCB CIC you're right it hasn't been dumped yet.. i don't know why no one thinks it would be cool if a homebrew could run in the slots of nintendos coin operated version of the nes

infiniteneslives sent me a 3198 CIC.. he also asked around to see if anyone would cough up a schematic, data streams or something relevant. the most info i could find was on kevtris's website..and that wasn't much help... don't think he has one anymore though.. most of what i know about the FCB CIC is based on educated guesses, copyright records, sss menu prg dump (don't ask please).. fcb cart wiring.. dumps of the 3195, 3193, 6113 CIC's, patent records and so on.. lots of fun really

i've reverse engineered most of the menu code.. the pain was getting it to boot.. it was coded so it wouldn't run on famicom or nes hardware.. wont even give you an error screen off the shelf

took me a few hours to patch the hardware checks.. mostly stepping through code and injecting or "holding" bytes into ram.. a lot of back and forth.. had to temporarily dropped it though so i can have a rock solid binary for infiniteneslives nes dev cart

i don't have a lot of free time.. so i hope that explains it good enough with all the information floating around the 3198 will be a joke to exploit.. their is no security though obscurity .. and it's a 4-bit micro controller most likely designed for a calculator

Hi Jims Cool,

Can you tell me if it's possible to program (or to patch) a 14-pin IC with 10NES program (for example, dumped in a 3195A chip) and solder it to a motherboard ?

If it's possible, what kind of IC I have to find ?

satchsatch33 wrote:Hi Jims Cool,

Can you tell me if it's possible to program (or to patch) a 14-pin IC with 10NES program (for example, dumped in a 3195A chip) and solder it to a motherboard ?

If it's possible, what kind of IC I have to find ?

Yes, it is possible. However, I would recommend that you just purchase a CIClone: http://www.retrousb.com/product_info.ph ... ucts_id=37

Thx. It seems it's a 8-pin CIC....are you sure does it works ?

It'll work as a key on the cartridge if you rewire the pins to the appropriate places on the motherboard.

But I thought the Ciclone was key only, not useful as a lock. Or what am I missing?

There were some cics that only operate as keys iirc. So you'd have to make sure it's not one of those.

satchsatch33 wrote:Thx. It seems it's a 8-pin CIC....are you sure does it works ?

It doesn't fit in the 14 pin slot a normal CIC would, you would have to re-wire it appropriately. However, Tepples is correct in pointing out that the CIClone can only be used as a "key" (in a cartridge) and not as a "lock" (in a console). A original CIC could operate either way (based on pin 4). However, due to the region searching feature of the CIClone it certainly would not operate properly as a lock.
satchsatch33: why would you want to put a CIC into a console? I can't think of a reason, other than as a repair of a damaged one. In that case, it's way easier to just pull a CIC from an old cartridge.