diff --git a/docs.py b/docs.py
index 3eedd32..a139baf 100644
--- a/docs.py
+++ b/docs.py
@@ -50,14 +50,13 @@ SEGA_CONTENTS = {
 "drivers": ("Device drivers", None),
 "security": ("Security", {
 "game.html": "Game encryption",
- "dongle.html": "Dongles",
 "keychip.html": "Keychips",
 }),
 "groovemaster.html": "GrooveMaster.ini",
 }),
- "network": ("Networking", {
- "allnet.html": "ALL.Net"
- }),
+ # "network": ("Networking", {
+ # "allnet.html": "ALL.Net"
+ # }),
 }
 CONTENTS = {
 "": EAMUSE_CONTENTS,
diff --git a/headers.js b/headers.js
index daf2c51..36e8b90 100644
--- a/headers.js
+++ b/headers.js
@@ -1,4 +1,5 @@
 for (const el of document.querySelectorAll("[id]")) {
+ if (el.tagName === "marker") continue;
 el.classList.add("haspara");
 const pilcrow = document.createElement("a");
 pilcrow.className = "pilcrow";
@@ -13,8 +14,8 @@ const foldable = (root, children) => {
 if (e.target.classList.contains("pilcrow")) state = true;
 else state = !state;
- children.style.height = state ? "auto" : "0";
- children.style.overflow = state ? "visible" : "hidden";
+ if (state) children.classList.remove("closed");
+ else children.classList.add("closed");
 if (state) root.classList.remove("closed");
 else root.classList.add("closed");
 });
@@ -31,6 +32,7 @@ const make_foldable = (root) => {
 if (!stack.root) continue;
 const new_e = document.createElement("div");
+ new_e.classList.add("toggle-section");
 for (const old_e of stack.children) {
 old_e.remove();
 new_e.appendChild(old_e);
@@ -54,7 +56,13 @@ const make_foldable = (root) => {
 }
 };
+ let end = null;
 for (const child of [...root.children]) {
+ if (child.tagName === "FOOTER") {
+ end = child;
+ break;
+ }
+
 if (/^H\d$/.test(child.tagName)) {
 const this_level = parseInt(child.tagName[1]) - 1;
@@ -73,7 +81,7 @@ const make_foldable = (root) => {
 }
 for (let level = 9; level >= 0; level--) {
- flush_header(level, null);
+ flush_header(level, end);
 }
 };
 make_foldable(document.body);
diff --git a/styles.css b/styles.css
index 69c3c77..6faeef6 100644
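Review bot: In the docs.py hunk the `"network"` section of `SEGA_CONTENTS` is commented out rather than removed, and nothing says why or when it should come back. Either delete the three lines (version control keeps them) or put the reason above them, for example `# ALL.Net page hidden until it is written; restore this entry with the page`. The reason in that example is a guess, since the commit does not state one. `SEGA_CONTENTS` starts above the hunk, so the rest of the table is not visible here.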
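Review bot: The guard added at the top of the first headers.js hunk, `if (el.tagName === "marker") continue;`, skips only SVG `<marker>` elements, so any other element with an `id` inside an inline SVG would still get the `haspara` class and whatever the loop does with the pilcrow. If the intent is to leave diagram internals alone, `if (el instanceof SVGElement) continue;` covers them all. Otherwise a comment such as `// SVG <marker> ids exist for url(#…) references, not for linking` would explain the lowercase tag name, which differs from the uppercase `"FOOTER"` comparison added further down. The loop body continues past the end of the hunk.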
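Review bot: In the second headers.js hunk (`@@ -13,8 +14,8 @@`) the four `if`/`else` lines that add or remove `closed` can be two calls, `children.classList.toggle("closed", !state);` and `root.classList.toggle("closed", !state);`. That keeps the section and its heading from drifting apart if one branch is edited later. The click handler starts before the hunk, so where `state` is initialised is not visible here.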
--- a/styles.css
+++ b/styles.css
@@ -24,6 +24,10 @@ thead {
 border-bottom: 2px solid currentColor;
 }
+svg {
+ transform: translateZ(0);
+}
+
 td {
 border: 1px solid #111;
 padding: 2px;
@@ -218,9 +222,11 @@ figure>figcaption:first-child {
 span.mark {
 outline: 1px solid #c7254e;
 }
+
 .client {
 color: #f5417d;
 }
+
 .server {
 color: #4171f5;
 }
@@ -238,6 +244,11 @@ mark {
 cursor: pointer;
 position: relative;
 }
+
+.toggle-root.closed {
+ user-select: none;
+}
+
 .toggle-root::before {
 opacity: .5;
 content: "";
@@ -251,13 +262,38 @@ mark {
 transform: translateY(-50%) rotate(45deg);
 transition: transform 100ms ease-out, opacity 100ms ease-out;
 }
+
 .toggle-root:hover::before {
 opacity: 1;
 }
+
 .toggle-root.closed::before {
 transform: translateY(-50%) rotate(-45deg);
 }
+.toggle-section {
+ opacity: 1;
+ height: auto;
+ transition: opacity 50ms ease-out;
+ overflow: visible;
+}
+
+.toggle-section.closed {
+ opacity: 0;
+ overflow: hidden;
+ height: 0;
+}
+
+@keyframes height0 {
+ from {
+ height: auto;
+ }
+
+ to {
+ height: 0;
+ }
+}
+
 @media (prefers-color-scheme: dark) {
 body {
 background-color: #000;
diff --git a/templates/pages/sega/software/index.html b/templates/pages/sega/software/index.html
index b000255..7e537ba 100644
--- a/templates/pages/sega/software/index.html
+++ b/templates/pages/sega/software/index.html
@@ -3,4 +3,190 @@ {% block body %}
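Review bot: `@keyframes height0` in the last styles.css hunk is not referenced by any `animation` property in the visible hunks, and `height: auto` cannot be interpolated in a keyframe, so the block looks like leftover experimentation and can be dropped. Separately, `.toggle-section.closed` hides content with `opacity: 0` and `height: 0` only, which leaves links inside a collapsed section reachable by keyboard and screen readers; adding `visibility: hidden;` to that rule would take them out of the tab order. Because `height` switches to `0` immediately, the 50ms opacity transition will probably only be seen when a section opens.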
The following is a diagram of the Ring* boot process. Click on any of the programs to learn more about what they do. +
+ +The entrypoint, mxprestartup.exe
, is set as the shell for the AppUser
user. This is
+ configured in the registry at HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
.
mxkeychip is responsible for interfacing between the physical keychip, and anything that needs to talk to it (the + system services and the game). It does this by means of the mxparallel driver. I have not yet documented the parallel + protocol.
+ +Owners wishing to start a system without a legitimate keychip need only replace this binary with a custom binary. micekeychip + is an example of one such binary, making use of the official libpcp. (Contact me if you want a build.)
+ +mxkeychip runs a PCP service on port 40106
(data port 40107
).
keychip.version
Return the keychip version, as two bytes. 0104
is the current keychip version, representing
+ 1.4
. An optional parameter device
can be added to retrieve a specific version. The only
+ allowed value for this however is n2
, and 0104
should be returned in both cases.
+
keychip.ds.compute
Perform a query-response challenge. The query is the command argument, and the page is passed as a parameter with
+ name page
. TODO: Details of how to calculate responses!
keychip.ssd.proof
Perform a query-response challenge. The query is the command argument, and the page is passed as a parameter with
+ name page
. TODO: Details of how to calculate responses!
keychip.ssd.hostproof
keychip.status
Get the current keychip status. Reponses should be either init
to indicate mxkeychip is still performing
+ setup, available
to indicate the keychip is ready to use, or error
to indicate the keychip
+ is not present, or unusuable.
keychip.encrypt
keychip.decrypt
keychip.setiv
keychip.appboot.*
Request one of a number of variables from the keychip regarding the authorised game configuration:
+ +formattype |
+ Data format. mxsegaboot will only support version 1 . |
+
platformid |
+ The hardware platform ID. AAL or AAM . ___ is sent if this is
+ unavailable. |
+
gameid |
+ The four-character game ID. ____ is sent if this is unavailable. |
+
systemflag |
+ A single byte containing a number of system flags. What exactly these bits do is unknown right now, but
+ 64h works fine.
+ |
+
modeltype |
+ 02 |
+
region |
+ Region bitmask. 1 = Japan, 2 = USA, 4 = Export, 8 = China | +
networkaddr |
+ The IP address for this machine | +
dvdflag |
+ 01 |
+
seed |
+ A seed value that will be used for.. something? Not sure yet. It's 16 bytes. | +
keychip.billing.*
As with appboot, billing contains a number of values stored on the keychip, however some of these are also writiable. +
+ +keyid |
+ The keychip ID. For example, A72E-0123456. Read-only. | +
mainid |
+ The hardware ID. For example, AASE-0123456. This value can be written. In this respect, it stores the + previous owner of the keychip, allowing systems to identify if they have been presented with a new keychip, + and allowing a curious owner (or curious sega) to identify who last used this keychip. | +
playcount |
+ The number of plays that have been performed. This value can be incremented by providing 1 .
+ |
+
playlimit |
+ The number of plays that are allowed until the game must next check in with a billing server. This value can + be written, however a signature (128 bytes) must then be sent over a data transfer to validate that this + playlimit update was authorised by a legitimate billing server. As the private keys for the billing service + are not currently known, and likely never will be, this renders legitimate keychips useless after playcount + runs out! | +
nearful |
+ Get the 'nearfull' value stored from the billing server. This is the number of plays remaining at which a + game is expected to pre-emptively check in with a billing server. This value is a 32-bit value, also + containing the accounting mode in the upper two bytes of the value. As with playlimit, this value can be + written, but requires a valid signature to be sent. | +
signaturepubkey |
+ Retrieve the public key for the billing server signing service. | +
cacertification |
+ Retrieve the authorative certiciate for the billing server. This certificate will be trusted implicitly, + regardless of the actual legitimacy of the certificate (including allowing self-signing). | +
keychip.tracedata.restore
keychip.tracedata.put
keychip.tracedata.get
keychip.tracedata.logicalerase
keychip.tracedata.sectorerase
keychip.eeprom
keychip.nvram0
keychip.nvram1
keychip.nvram2
keychip.nvram3
keychip.nvram4
keychip.nvram5
keychip.nvram6
keychip.nvram7
keychip.nvram8
keychip.nvram9
mxmaster is the program responsible for orchastrating the entire system.
+ +Before spawning any processes, it copies the following files from s:\
into
+ c:\System\Execute
:
mxsegaboot.exe
mxauthdisc.exe
mxshellexecute.exe
ringmaster_pub.pem
develop_regset.txt
lockid.txt
d3dref9.dll
mxsegaboot_2052.dll
Following this, it begins to spawn system processes as required. The full diagram can be found on the software page.
+ + + +mxmaster runs a PCP service on port 40100
(data port 40101
).
mxmaster.reconnect.usb.device
mxmaster.erase_log
mxmaster.output_log
mxmaster.logging_available
mxmaster.develop
mxmaster.foreground.getcount
mxmaster.foreground.fault
mxmaster.foreground.next
mxmaster.foreground.active
mxmaster.foreground.current
mxstartup is responsible for some very initial system checks, loading the S: drive, and handing over to mxmaster.exe.
+The S: drive is a TrueCrypt partition. Its keyfile is located in an ADS at
+ C:\System\Execute\DLL:SystemKeyFile
, and the password is segahardpassword
.
+
Micetools contains a bare-minim version of this file. It + can be found on the micetools repository. This shows, roughly, how the volume is mounted and prepared.
+This is the first time anything other than the Windows XP boot screen will be shown.
- +mxstartup is responsible for a number of error codes, listed below. This table contains every error mxstartup can produce, to the best of my knowledge.
diff --git a/templates/pages/sega/software/mxmaster.html b/templates/pages/sega/software/mxmaster.html deleted file mode 100644 index eef64e1..0000000 --- a/templates/pages/sega/software/mxmaster.html +++ /dev/null @@ -1,23 +0,0 @@ -{% extends "sega.html" %} -{% block title %}mxmaster{% endblock %} -{% block body %} -mxmaster is the program responsible for orchastrating the entire system.
- -It first spawns the following list of programs:
- -s:\mxkeychip.exe
s:\mxnetwork.exe -p 40104
s:\mxstorage.exe
s:\mxinstaller.exe -cmdport 40102 -binport 40103
(sometimes with -openmode any
appended)s:\mxgcatcher.exe {appboot.platformid} {appboot.gameid} {appboot.networkaddr} {appboot.keyid}
s:\mxgfetcher.exe {appboot.platformid} {appboot.gameid} {appboot.networkaddr} {appboot.keyid}
s:\mxgdeliver.exe {appboot.platformid} {appboot.gameid} {appboot.networkaddr} {appboot.keyid}
C:\WINDOWS\system32\regini.exe S:\default_regset.txt
c:\System\Execute\mxsegaboot.exe
Contents | -ALL.Net | +Intro | +Software | +Hardware |