The copy protection of the CD based Sega Saturn game console has finally been cracked. After more than 20 years after the launch of the console, the security researcher Dr. Abrasive found a way to run his own software on the game computer.
Back in the day you could have used a modchip, which meant having to open the Sega Saturn and add an additional chip. Dr Abrasive decided to analyse the copy protection present on the CD and found it to be working well, there are LOADS of forums about copy protection on the Saturn and how to break it but still nobody found a way to run copied CDs on the console. This appears to be mainly because the physical properties of the Sega Saturn CDs differ from CD-R media. They seem to use a special wobble in the outer ring of the disc.
Abrasive first took pretty much the same approach. He also found that the CDs have an outer ring that is used to detect between an original disc and a copy of the disc and got pretty much stuck.
By further analyzing the hardware architecture of the Sega Saturn, the researcher decided to detach the CD module and solder it on its own PCB and read out the ROM contents of the processor this way. By reverse-engineering he mapped the internal operating system and he hoped to find a backdoor in the copy protection code this way, but he didn’t find one.
Eventually he found a solution in the playback of video CDs. By adding a special expansion card users can playback video on their Sega Saturn and this card contained the code where Abrasive was looking for. Through this code he found a possibility to attach the required modchip to the console. This means users no longer have to open their console but can load their own files and software from an USB stick.
Obviously very interesting, but that still doesn’t allow users to run a backup of their Sega Saturn CDs. Hackers and Modders have been looking for a way for a long time to make this possible, but even after 20 years the actual CD copy protection of the Sega Saturn remains a mystery.