From d50469adfdd28011642674676e6a75557c500615 Mon Sep 17 00:00:00 2001 From: Bottersnike Date: Fri, 18 Nov 2022 04:49:39 +0000 Subject: [PATCH] Lots of mx docs --- docs.py | 7 +- headers.js | 14 +- styles.css | 36 ++++ templates/pages/sega/software/index.html | 186 ++++++++++++++++++ .../pages/sega/software/mx/mxkeychip.html | 147 ++++++++++++++ .../pages/sega/software/mx/mxmaster.html | 51 +++++ .../sega/software/{ => mx}/mxprestartup.html | 0 .../sega/software/{ => mx}/mxstartup.html | 9 +- templates/pages/sega/software/mxmaster.html | 23 --- .../pages/sega/software/security/dongle.html | 4 - templates/sega.html | 4 +- 11 files changed, 445 insertions(+), 36 deletions(-) create mode 100644 templates/pages/sega/software/mx/mxkeychip.html create mode 100644 templates/pages/sega/software/mx/mxmaster.html rename templates/pages/sega/software/{ => mx}/mxprestartup.html (100%) rename templates/pages/sega/software/{ => mx}/mxstartup.html (85%) delete mode 100644 templates/pages/sega/software/mxmaster.html delete mode 100644 templates/pages/sega/software/security/dongle.html diff --git a/docs.py b/docs.py index 3eedd32..a139baf 100644 --- a/docs.py +++ b/docs.py @@ -50,14 +50,13 @@ SEGA_CONTENTS = { "drivers": ("Device drivers", None), "security": ("Security", { "game.html": "Game encryption", - "dongle.html": "Dongles", "keychip.html": "Keychips", }), "groovemaster.html": "GrooveMaster.ini", }), - "network": ("Networking", { - "allnet.html": "ALL.Net" - }), + # "network": ("Networking", { + # "allnet.html": "ALL.Net" + # }), } CONTENTS = { "": EAMUSE_CONTENTS, diff --git a/headers.js b/headers.js index daf2c51..36e8b90 100644 --- a/headers.js +++ b/headers.js @@ -1,4 +1,5 @@ for (const el of document.querySelectorAll("[id]")) { + if (el.tagName === "marker") continue; el.classList.add("haspara"); const pilcrow = document.createElement("a"); pilcrow.className = "pilcrow"; @@ -13,8 +14,8 @@ const foldable = (root, children) => { if (e.target.classList.contains("pilcrow")) state = true; else state = !state; - children.style.height = state ? "auto" : "0"; - children.style.overflow = state ? "visible" : "hidden"; + if (state) children.classList.remove("closed"); + else children.classList.add("closed"); if (state) root.classList.remove("closed"); else root.classList.add("closed"); }); @@ -31,6 +32,7 @@ const make_foldable = (root) => { if (!stack.root) continue; const new_e = document.createElement("div"); + new_e.classList.add("toggle-section"); for (const old_e of stack.children) { old_e.remove(); new_e.appendChild(old_e); @@ -54,7 +56,13 @@ const make_foldable = (root) => { } }; + let end = null; for (const child of [...root.children]) { + if (child.tagName === "FOOTER") { + end = child; + break; + } + if (/^H\d$/.test(child.tagName)) { const this_level = parseInt(child.tagName[1]) - 1; @@ -73,7 +81,7 @@ const make_foldable = (root) => { } for (let level = 9; level >= 0; level--) { - flush_header(level, null); + flush_header(level, end); } }; make_foldable(document.body); diff --git a/styles.css b/styles.css index 69c3c77..6faeef6 100644 --- a/styles.css +++ b/styles.css @@ -24,6 +24,10 @@ thead { border-bottom: 2px solid currentColor; } +svg { + transform: translateZ(0); +} + td { border: 1px solid #111; padding: 2px; @@ -218,9 +222,11 @@ figure>figcaption:first-child { span.mark { outline: 1px solid #c7254e; } + .client { color: #f5417d; } + .server { color: #4171f5; } @@ -238,6 +244,11 @@ mark { cursor: pointer; position: relative; } + +.toggle-root.closed { + user-select: none; +} + .toggle-root::before { opacity: .5; content: ""; @@ -251,13 +262,38 @@ mark { transform: translateY(-50%) rotate(45deg); transition: transform 100ms ease-out, opacity 100ms ease-out; } + .toggle-root:hover::before { opacity: 1; } + .toggle-root.closed::before { transform: translateY(-50%) rotate(-45deg); } +.toggle-section { + opacity: 1; + height: auto; + transition: opacity 50ms ease-out; + overflow: visible; +} + +.toggle-section.closed { + opacity: 0; + overflow: hidden; + height: 0; +} + +@keyframes height0 { + from { + height: auto; + } + + to { + height: 0; + } +} + @media (prefers-color-scheme: dark) { body { background-color: #000; diff --git a/templates/pages/sega/software/index.html b/templates/pages/sega/software/index.html index b000255..7e537ba 100644 --- a/templates/pages/sega/software/index.html +++ b/templates/pages/sega/software/index.html @@ -3,4 +3,190 @@ {% block body %}

Software

{{ generate_toc()|safe }} + +

The following is a diagram of the Ring* boot process. Click on any of the programs to learn more about what they do. +

+ +

The entrypoint, mxprestartup.exe, is set as the shell for the AppUser user. This is + configured in the registry at HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell.

+ + + + + + + + + + + + + + C:\System\Execute\mxprestartup.exe + + + + + + + + + C:\System\Execute\mxstartup.exe + + + + + + + + + + + + S:\mxmaster.exe + + + + + + + + + + MASTER_PROCESS::SysProcessStart + + + + s:\mxkeychip.exe + + + + + s:\mxnetwork.exe -p 40104 + 7 + + + s:\mxstorage.exe + + + + s:\mxjvs.exe + + + (not present) + + + + + s:\mxinstaller.exe -cmdport 40102 -bindport 40103 + + + MASTER_PROCESS::FdcProcessStart + + + s:\mxgcatcher.exe + + + + s:\mxgfetcher.exe + + + + s:\mxgdeliver.exe + + + MASTER_PROCESS::FirstFgProcessStart + APP_LAUNCHER::CreateThread + APP_LAUNCHER::AppThread (initial launch mode = + 6) + + Launch mode 1 (system error): + + + c:\System\Execute\mxsegaboot.exe -r + + + Launch mode 2 (start game): + + + First found, of: + + + x:\game.com + + + x:\game.exe + + + x:\game.bat + + + + If not found: Launch mode 1 + + + Launch mode 3 (start system test menu): + + + c:\System\Execute\mxsegaboot.exe -t -r + + + Launch mode 4 (start game test menu): + + + First found, of: + + + x:\game.com gametest + + + x:\game.exe gametest + + + x:\game.bat gametest + + + + If not found: Launch mode 1 + + + Launch mode 5 (???): + + + c:\System\Execute\mxsegaboot.exe -d + + + Launch mode 6 (boot system): + + + c:\System\Execute\mxsegaboot.exe + + + + {% endblock %} \ No newline at end of file diff --git a/templates/pages/sega/software/mx/mxkeychip.html b/templates/pages/sega/software/mx/mxkeychip.html new file mode 100644 index 0000000..2c90d6e --- /dev/null +++ b/templates/pages/sega/software/mx/mxkeychip.html @@ -0,0 +1,147 @@ +{% extends "sega.html" %} +{% block title %}mxkeychip{% endblock %} +{% block body %} +

mxkeychip

+ +

mxkeychip is responsible for interfacing between the physical keychip, and anything that needs to talk to it (the + system services and the game). It does this by means of the mxparallel driver. I have not yet documented the parallel + protocol.

+ +

Owners wishing to start a system without a legitimate keychip need only replace this binary with a custom binary. micekeychip + is an example of one such binary, making use of the official libpcp. (Contact me if you want a build.)

+ +

PCP Service

+

mxkeychip runs a PCP service on port 40106 (data port 40107).

+ +

keychip.version

+

Return the keychip version, as two bytes. 0104 is the current keychip version, representing + 1.4. An optional parameter device can be added to retrieve a specific version. The only + allowed value for this however is n2, and 0104 should be returned in both cases. +

+ +

keychip.ds.compute

+

Perform a query-response challenge. The query is the command argument, and the page is passed as a parameter with + name page. TODO: Details of how to calculate responses!

+ +

keychip.ssd.proof

+

Perform a query-response challenge. The query is the command argument, and the page is passed as a parameter with + name page. TODO: Details of how to calculate responses!

+ +

keychip.ssd.hostproof

+

keychip.status

+

Get the current keychip status. Reponses should be either init to indicate mxkeychip is still performing + setup, available to indicate the keychip is ready to use, or error to indicate the keychip + is not present, or unusuable.

+ +

keychip.encrypt

+

keychip.decrypt

+

keychip.setiv

+

keychip.appboot.*

+

Request one of a number of variables from the keychip regarding the authorised game configuration:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
formattypeData format. mxsegaboot will only support version 1.
platformidThe hardware platform ID. AAL or AAM. ___ is sent if this is + unavailable.
gameidThe four-character game ID. ____ is sent if this is unavailable.
systemflagA single byte containing a number of system flags. What exactly these bits do is unknown right now, but + 64h works fine. +
modeltype02
regionRegion bitmask. 1 = Japan, 2 = USA, 4 = Export, 8 = China
networkaddrThe IP address for this machine
dvdflag01
seedA seed value that will be used for.. something? Not sure yet. It's 16 bytes.
+

keychip.billing.*

+

As with appboot, billing contains a number of values stored on the keychip, however some of these are also writiable. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
keyidThe keychip ID. For example, A72E-0123456. Read-only.
mainidThe hardware ID. For example, AASE-0123456. This value can be written. In this respect, it stores the + previous owner of the keychip, allowing systems to identify if they have been presented with a new keychip, + and allowing a curious owner (or curious sega) to identify who last used this keychip.
playcountThe number of plays that have been performed. This value can be incremented by providing 1. +
playlimitThe number of plays that are allowed until the game must next check in with a billing server. This value can + be written, however a signature (128 bytes) must then be sent over a data transfer to validate that this + playlimit update was authorised by a legitimate billing server. As the private keys for the billing service + are not currently known, and likely never will be, this renders legitimate keychips useless after playcount + runs out!
nearfulGet the 'nearfull' value stored from the billing server. This is the number of plays remaining at which a + game is expected to pre-emptively check in with a billing server. This value is a 32-bit value, also + containing the accounting mode in the upper two bytes of the value. As with playlimit, this value can be + written, but requires a valid signature to be sent.
signaturepubkeyRetrieve the public key for the billing server signing service.
cacertificationRetrieve the authorative certiciate for the billing server. This certificate will be trusted implicitly, + regardless of the actual legitimacy of the certificate (including allowing self-signing).
+

keychip.tracedata.restore

+

keychip.tracedata.put

+

keychip.tracedata.get

+

keychip.tracedata.logicalerase

+

keychip.tracedata.sectorerase

+

keychip.eeprom

+

keychip.nvram0

+

keychip.nvram1

+

keychip.nvram2

+

keychip.nvram3

+

keychip.nvram4

+

keychip.nvram5

+

keychip.nvram6

+

keychip.nvram7

+

keychip.nvram8

+

keychip.nvram9

+ +{% endblock %} \ No newline at end of file diff --git a/templates/pages/sega/software/mx/mxmaster.html b/templates/pages/sega/software/mx/mxmaster.html new file mode 100644 index 0000000..4b40eb1 --- /dev/null +++ b/templates/pages/sega/software/mx/mxmaster.html @@ -0,0 +1,51 @@ +{% extends "sega.html" %} +{% block title %}mxmaster{% endblock %} +{% block body %} +

mxmaster

+ +

mxmaster is the program responsible for orchastrating the entire system.

+ +

Before spawning any processes, it copies the following files from s:\ into + c:\System\Execute:

+ + +

Following this, it begins to spawn system processes as required. The full diagram can be found on the software page.

+ + + +

PCP Service

+

mxmaster runs a PCP service on port 40100 (data port 40101).

+ +

mxmaster.reconnect.usb.device

+

mxmaster.erase_log

+

mxmaster.output_log

+

mxmaster.logging_available

+

mxmaster.develop

+

mxmaster.foreground.getcount

+

mxmaster.foreground.fault

+

mxmaster.foreground.next

+

mxmaster.foreground.active

+

mxmaster.foreground.current

+ +{% endblock %} \ No newline at end of file diff --git a/templates/pages/sega/software/mxprestartup.html b/templates/pages/sega/software/mx/mxprestartup.html similarity index 100% rename from templates/pages/sega/software/mxprestartup.html rename to templates/pages/sega/software/mx/mxprestartup.html diff --git a/templates/pages/sega/software/mxstartup.html b/templates/pages/sega/software/mx/mxstartup.html similarity index 85% rename from templates/pages/sega/software/mxstartup.html rename to templates/pages/sega/software/mx/mxstartup.html index ae21b5c..511a7cf 100644 --- a/templates/pages/sega/software/mxstartup.html +++ b/templates/pages/sega/software/mx/mxstartup.html @@ -6,9 +6,16 @@

mxstartup is responsible for some very initial system checks, loading the S: drive, and handing over to mxmaster.exe.

+

The S: drive is a TrueCrypt partition. Its keyfile is located in an ADS at + C:\System\Execute\DLL:SystemKeyFile, and the password is segahardpassword. +

+

Micetools contains a bare-minim version of this file. It + can be found on the micetools repository. This shows, roughly, how the volume is mounted and prepared.

+

This is the first time anything other than the Windows XP boot screen will be shown.

- +

mxstartup is responsible for a number of error codes, listed below. This table contains every error mxstartup can produce, to the best of my knowledge.

diff --git a/templates/pages/sega/software/mxmaster.html b/templates/pages/sega/software/mxmaster.html deleted file mode 100644 index eef64e1..0000000 --- a/templates/pages/sega/software/mxmaster.html +++ /dev/null @@ -1,23 +0,0 @@ -{% extends "sega.html" %} -{% block title %}mxmaster{% endblock %} -{% block body %} -

mxmaster

- -

mxmaster is the program responsible for orchastrating the entire system.

- -

It first spawns the following list of programs:

- - - -{% endblock %} \ No newline at end of file diff --git a/templates/pages/sega/software/security/dongle.html b/templates/pages/sega/software/security/dongle.html deleted file mode 100644 index 603aaf7..0000000 --- a/templates/pages/sega/software/security/dongle.html +++ /dev/null @@ -1,4 +0,0 @@ -{% extends "sega.html" %} -{% block title %}{% endblock %} -{% block body %} -{% endblock %} \ No newline at end of file diff --git a/templates/sega.html b/templates/sega.html index 777aebf..b53ed43 100644 --- a/templates/sega.html +++ b/templates/sega.html @@ -4,7 +4,9 @@ - + + +
ContentsALL.NetIntroSoftwareHardware
{% block body %}{% endblock %}