Monday, 13 April 2020

Deconstructing Sega's System 16 Security - Part 2


Sega's FD1089 security module reverse engineering

The FD1089 module variants from Hitachi / SEGA were fabricated in a plastic case, on the back of the module a epoxy layer is visible together with two rows of pins arranged as DIP64. This arrangement mimics a standard 68000 CPU as intended by SEGA.

The sample shown below features the SEGA code 317-0013, this indicates the module was used as the  CPU in Enduro Racer.




As is, the module measures 8.72cm by 2.85cm, not a small piece for a cpu.



The plastic case features a top cover providing access to the battery container, as shown below as many as three batteries could be fitted at once, perhaps allowing for longer data retention configurations. All modules I've seen myself just make use of one battery slot only.

Hitachi seemed to keep most things home by employing Hitachi Maxell CR-2032 3 volt batteries, this one was dated 1986 week 06, that is long enough!

For some reason a white looking dust was found inside all over the battery container, perhaps a battery byproduct over the years?

Lastly, there's a big letter B stamped inside, this corresponds with the specific module type under review: FD1089B. Modules A stamped inside correspond to FD1089A variants.



Time to wear our x-ray glasses so we can see what it looks like inside the module, this is usually one of the most fun parts of a project. For the first time you have a look inside and start making sense of the internals, this one is busy inside and is no standard IC on a package. It's time to start planning an attack.



Easy options first, in order to try gain clean access inside we test the epoxy with a strong paint remover for a couple of days.



Unfortunately this didn't produce any significant results, the epoxy in the FD1089 seems to be well formulated and is resistant to this type of attack.

One step forward, by employing a combination of heat and patience it is possible to separate the plastic case from the epoxy block.




A weak spot on the epoxy curing caused by trapped air is discovered, this allowed for a unique early view of the shinny internal pcb as shown below. 



Time to keep going deeper and figure out how to attack the epoxy, first we take a few extra measurements to understand dimensions, we will need them later on. The epoxy block on its own does 8.49cm by 2.60cm.



With the help of higher resolution x-rays we start to get full control of what's going on in there, eg enumeration and type of devices, guessing the purpose of each device, producing early diagrams, etc...

As shown below, the FD1089 uses a total of four different chips in its operation, left to right: A custom IC (this is where the security magic happens), a 68000 CPU, a 6264 SRAM chip, and a MB3771 voltage monitor (when needed, this takes care of switching power from VCC to VBATT and vice-versa). 

The first three chips are HITACHI bare dies directly glued onto the top of the pcb, the MB3771 is in full form as a surface mounted device soldered to the back of the pcb. 




Next, we need to have a fully validated understanding of the internal interconnect (aka, how things connect to each other and the outside)

The tool of preference for this project was a precision CNC, nothing fancy, just a standard 1610 model kit from Aliexpress. The goal here is precise enough milling so we reveal the circuit while avoiding fatal damage to the interconnect and chips, especially the custom IC.



Hours later, a significant part of the the copper surface is fully exposed and the custom IC preserved in place, though this didn't come without surprises and a couple of drill bits broken in the process. The reason: just below the IC you can see another unexposed rectangle area, this happened to be a ceramic insert placed there during fabrication to protect access to a sensitive area of the module



At this point a further donor module got dremel down bare in order to understand how many more ceramic inserts were there, in total the FD1089 module has four ceramic inserts, two on the front and two on the back shown below in white, they protect key SRAM signals such as the data bus to prevent extraction of the encryption key through direct drilling.

By now I was convinced these modules were probably very expensive to produce back in the day.


For illustration purposes lets take the following example shown below: Four data bit vias from the SRAM are covered with ceramic, both at the origin near the SRAM as well as at the destination close to the custom IC.

Beyond being cool and almost a hand craft, I'm not sure why this was done, if an attacker could drill from above with the intention of making contact, it could do so at other part of the circuit by exposing the copper, you don't require a via specifically for that.




More hours of careful drilling allow us to gain access to further key areas of the pcb, when this process is fully completed it will allow us to work on the next part of the reverse engineering.





Diagraming the interconnect and how chips relate to each other is a critical step before we proceed to examine any deep down chip logic.



Once we are ready to explore the custom chip logic, a further donor unit is put under the knife, the goal here is to cut down the minimum possible sample to allow extraction of the custom IC die housed inside.


Bonus: a cross section of the pcb reveals its four layers, the inner two are dedicated to VCC / GND distribution only.



The smallest possible bite size sandwich is produced, inside not visible is the custom IC, on the left you can see a couple of the white ceramic inserts guarding access.



The sample was then put in a nitric acid beauty spa for several rounds.




At each round the sample was inspected for progress and cleaning. IC dies are very fragile so patience is key, this one waited 30+ years, so it may as well wait another day if necessary. 




Finally getting closer, both ceramic bits are released, we can already see the back of the IC die now exposed.



A final round allowed for the chip die to be fully exposed clean. Pharaonic honors please.



Stay tuned for the next article, we will explore this chip under the microscope. Happy reversing.


5 comments:

  1. Wow! Awesome as usual! Keep up the good work! :D

    ReplyDelete
  2. Fantastic, can't wait for the next update. Have wondered about these modules for decades.

    ReplyDelete
  3. Que bueno, lastima no poder leernos más en AUMAP, gran foro.
    A la espera estoy de algo así para las hard head 2 de SUNA, si no me equivoco llevan un z80 con pila y una sd ram.

    ReplyDelete
  4. wow, love your posts , and of course you sharing the knowledge to revive our boards !! thank you so much

    ReplyDelete