Lockout Chip - Falmouth-Games-Academy/comp310-wiki GitHub Wiki

The CIC/10NES is a chip which was installed inside the NES (the lock) [2] which looks for a similar chip which is contained within official Nintendo game cartridges (the key) [2]. These two chips establish a communications protocol which allows the NES to come out of reset mode. This security measure required developers for the NES to purchase a licence for their game from Nintendo [1]. This chip aimed to prevent the sale of pirated games and also allowed for regional lockout of games [2]

However, the overarching reason for Nintendo's development and use of the 10/NES was to protect from a repeat of the 1983 crash[8], which was a result of Atari letting any old company release games for the 2600, which flooded the market with very poor quality games, which knocked the public's faith in the industry. So to ensure that every release was that of a high quality, Nintendo developed the "Official Nintendo Seal of Quality", which was given to every game that a developer released after the approval of Nintendo, and the licencing fees had been paid[9], and as such developers who didn't pay, weren't provided with the chips and thus, their games wouldn't work.

A side effect of the use of the chip however was that licensed games that had a build of dust/dirt or that were misaligned would not be able to communicate with the cart pins properly, hence causing the NES to restart [4]. Nintendo patented the used to create the CIC under the US Patent 4799635A, which restricted others from creating similar chips [6]. The date for this copyright patent expired in 2006 but still prevents others from making programs using the exact code copied from Nintendo, however clones do exist that use different code, such as Krikzz' CIC Clone [7].

Getting Around the Protection

Voltage Spikes

The most common way of getting around the lockout chip with an unlicensed game was to send large voltage spikes [2, 3] from the cartridge to the CIC. When correctly timed, these spiked would crash the chip, stopping it from resetting the system. As a result, Nintendo added extra protection measures to later revisions of the NES, meaning that the majority of unlicensed games which use this lockout defeating technique don't work on the latest version of the system (NES-CPU-11) [3].

Parasite Dongle

Another method of circumventing the CIC security measure was to have the game in the form of a dongle which could connect to a licensed cartridge. This meant that the licensed game's CIC chip handled the authentication and allowed the unlicensed game to play through it [2].

Disabling the Chip

Cutting pin #4 of the CIC chip on the side loading style NES and attaching it to ground (any of pins #11 - #15), supposedly disables the chip, allowing unlicensed games to run [2].

NES10 chip. Red Highlight is where the pin to remove sits.

Increased protection

To combat piracy Nintendo has added protection on the NES board. The board inside the NES will show it's revision number where it is marked NES-CPU- then a number. That number is the revision. 05 is an early model, 07 and 09 added some lockout protection, and 11 was the last version with the most lockout protection. Almost all unlicensed carts that use lockout defeaters will not work on a NES-CPU-11 system [5].

References

• [1] http://nesdev.com/NESTechFAQ.htm
• [2] https://en.wikipedia.org/wiki/CIC_(Nintendo)
• [3] https://taywee.github.io/NerdyNights/nerdynights/nesarchitecture.html
• [4] https://www.thevintagegamers.com/2013/06/bypassing-the-nes10-lockout-chip-mod-tutorial/
• [5] http://nintendoage.com/forum/messageview.cfm?catid=22&threadid=4291
• [6] https://patents.google.com/patent/US4799635
• [7] https://things.bleu255.com/moddingfridays/Multi-Region_NES_CIC_Clone
• [8] https://en.wikipedia.org/wiki/Video_game_crash_of_1983
• [9] http://nintendo.wikia.com/wiki/Official_Nintendo_Seal