CIC-NUS: Difference between revisions
→Boot sequence
No edit summary |
|||
Line 210:
The resulting scrambled sequence is then <code>B5 F5 35</code>, which is transmitted as 6 nibbles on the wire.
===== 3. Random entropy =====
The CIC now waits for the Data CLK line to go low. While the pin stays high, the CIC keeps incrementing an internal memory location.
On the other side of the line, the PIF is now executing a part of the boot process in sync with the CPU, and at some point it is also using a hardware time-based random number generator (it's waiting for a capacitor to charge in a RC connected to one of its pin). Once this is done, the PIF puts the DCLK line low. The amount of time it takes to get this is subject to some entropy (mostly because of the time-based RNG), and thus the CIC will increment the memory location a number of times that changes across boots, which in turns produces something akin to a random number.
===== 4. Checksum =====
[[File:Checksum.png|thumb|A checksum transmitted to PIF (yellow: CLK, cyan: DATA)]]
The CIC writes 16 nibbles which contain the other boot secret: the IPL2 checksum. This is a 6 byte checksum that is used by the PIF to verify that the IPL3 found in the cartridge is the correct one for this CIC. The exact process (that also involves the CPU at its IPL2 stage) is detailed in the [[PIF-NUS page]].
As a prefix to the 6 byte (12 nibble) checksum, 2 bytes (4 nibbles) are prefixed. These bytes come from the random number generated in the previous step and are thus different at each boot.
The resulting 16 nibbles (4: random prefix + 12: checksum) are then scrambled using the same algorithm detailed in the section above related to seeds. As an example, if the random prefix is <code>3F DF</code> and the checksum is <code>A5 36 C0 F1 D8 59</code> (which is the actual CIC 6102 checksum secret), the final sequence transmitted is <code>3F DF A5 36 C0 F1 D8 59</code>which is scrambled and put on the wire as <code>3F 57 29 3E 54 7C F5 90</code>.
After the checksum has been transmitted, the boot sequence is finished, and the CIC enters its main operation loop.
==== Main loop ====
During the main loop, the CIC waits until the PIF transmits a 2-bit command. After a command is received, the CIC executes the command, which might involve receiving additional bits from PIF and/or transmitting bits to it. After this a command is processed, the CIC starts wiring for the next command.
The main loop never exits. Notice that the CIC is not affected by the soft reset (presses of the RESET physical button on the console), as those are handled by PIF resetting the CPU, but do not directly affect the CIC; the boot sequence in fact is not repeated.
The follow paragraphs detail the 4 different commands that can be sent by PIF.
===== 1. Command "Compare" (bits: 00) =====
===== 2. Command "Die" (bits: 01) =====
===== 3. Command "Challenge" (bits: 10) =====
===== 4. Command "Reset" (bits: 10) =====
| |||