Since my understanding of what I called a 'mod chip' came from the reverse-engineering of the 6-wire version supplied to me, I did not know or care about the actual way the machine validated a disc for booting. All I knew and cared about was this chip faked the information well enough to fool the machine into booting a disc. The essential data it had to fake of course turned out to be the binary representation of the wobble groove data block. Taking the binary data observed in my sessions using a logic analyzer, I determined the PIC chip was programmed to emit three strings of four characters. By characters I mean actual printable 'ASCII' characters, such as those used to write this text. The thing to note about the original mod chips is that upon power-up the chip started spitting out these characters and continued in an endless, repeating loop--emitting the same three 4-character strings over and over again.
The PSX had several weak points in regards to disc authentication. The first is that necessary signals were exposed and available on the circuit board. The second, and more crucial to the early success of mod chips, is that the PSX ignored the fact that a mod chip would endlessly stream 4-character boot strings at the CD controller when the data was no longer needed.. In retrospect, it was understood these character strings came from the wobble groove as previosuly described, and as such there had to be a fault tolerance built into the way the machine checked discs. Mechanical differences between machines, coupled with the fact that reading from an optical disc that could be scratched, dirty, or otherwise imperfect was demanding. Still, if I were designing the authentication procedure today, I certainly wouldn't allow something as wide open as endlessly streaming data at the CD controller's region code data sensing pin to work. To the credit of game designers and/or the manufacturer, they did eventually figure out how to detect a simple mod chip. Of course, there was a solution to that challenge (games detecting mod chips) as well, and in fact I created such a solution before it was ever even needed. More on this later.
The original aka 'simple' mod chip (which I'll call the classic mod chip) was an extremely stupid little thing. After getting powered up, the chip would wait about a second, operate a signal pin on the PIC that, when attached to the PSX, would block wobble groove data. Then the PIC would start emitting 4-character data strings on another PIC pin that was attached to the PSX, effectively replacing the wobble groove data. It would cram this data at the PSX until the power was turned off. Quite the chatterbox.
Once the gate was let down on the original data, the output of the level converter was forever turned off. Since the level converter's output had two states, 'active=low voltage' and 'inactive=hi impedance (no voltage)', with the gate signal active this output was safely available to attach to the PIC 'data' pin. Now, understand that the 'data' pin was now sharing the signal line originally used by the level converter, and the level converter was gated off. The 'data' pin crammed boot strings into the PSX, and discs booted. And there was much rejoicing.
That the PSX ignored the boot strings after the critical moment of reading them to validate a disc made these orignal mod chips really simple. Thats why they worked: the PSX didn't care how much boot data was thrown at it as long as it saw the data at the critical time. What a dumb security protocol. At this point I must admit that the classic mod chip program I wrote that ended up booting original games, copies, HK silvers--you name it; this mod chip program was not written with the intent of booting illegally copied ('pirated') games. It was written because at the time, I just had this original TokiMemo disc, and wanted to boot the damn thing without swapping. Thus my classic mod chip program was the first one written for the public domain not because I was some eyepatch specialist, but because I was lazy!