leonardoliveira & Idc's clean decrypted roms

Post by leonardoliveira » August 30th, 2012, 6:05 am

idc asked me to try making this game work at something around 1PM my local time... After pouring 12 hours of work in it, I had this:
Image

And this:
Image
100% clean. No fancy menus, no clutter, no dumb/odd A.I. Plays exactly like the original which has suicide battery.

If someone is worried about counterfeits being made out of this, it's up to the buyers to look for MASK ROMS, battery, CAPCOM security seals and pins.

The goal is to give people freedom from the tyranny of the suicide battery.

(Posts on this thread being edited to fix picture links)
Last edited by leonardoliveira on August 11th, 2013, 1:50 am, edited 1 time in total.

Re: CPS2 Development PCB - SFZ

Post by KmanSweden » August 30th, 2012, 6:48 am

Street Fighter Alfa 3? :wtf: :lol: Street Fighter just got a lot better. :D

Post by idc » August 30th, 2012, 7:38 am

KmanSweden wrote:let's call it a remake of Razoolas hack..
I tell you what, let's not. ;)
leonardoliveira wrote:idc asked me to try making this game work at something around 1PM my local time... After pouring 12 hours of work in it, I had this:
And so the "other guy" reveals himself. Thank you, Leo. :awe:

Post by leonardoliveira » August 30th, 2012, 8:59 pm

Who does one, does two, no ?
Image

Image

I didn't fix the memory test for this one yet.

Also, sorry about the thread hijacking ... lol

Edit: Got this one decrypted and running on the record time of five hours.
Last edited by leonardoliveira on August 11th, 2013, 1:51 am, edited 1 time in total.

Post by leonardoliveira » September 3rd, 2012, 1:43 pm

Let me hijack this thread a little more ... lol
Image
Image

Post by leonardoliveira » September 3rd, 2012, 2:59 pm

Tetsuosan wrote:I know with my superx phoenix board it has a ton of odd glitches that happen that don't happen with my other super x board ie; odd slowdowns happening at strange times, hit boxes showing up and/or not showing up, etc.
That has to do with wrong data at the decryption. It's not magic. It's a very complex and detailed job.
I had exceptional results once I poured more "love" on it.

The encryption protects on the presumption that you can only have all decrypted code with mangled data or all encrypted code with correct data. You cannot "guess" what is code and what is data. You have to analyze it. So what I do is manually analyze ALL the game code on a disassembler and determine what is code/data then manually transplant what is data from the encrypted rom into the decrypted one.

Even so, after eight hours of work on the QUIZ game I had it working but there was a crash on the attract mode. Which I solved the next day by watching what the program reads from the ROM. There was a sneaky non-encrypted word (yes, two bytes) in the middle of an encrypted code area which pointed into another pointer which then finally pointed to an encrypted jumptable. Nasty stuff... ;)

Also I had some oddball graphical glitches (sprites disappearing) on the character animations, which went away once I removed what I called "silly NOPs" from the data areas. Silly NOPs happen because the CAPCOM compiler/linker (these games are made in C) usually puts NOPs to separate data fields on each "chunk", and because in a universe of 65536 possible values per word there's a HIGH possibility of a clash, you get a spurious/wrongly placed NOP instruction in the middle of a data field.
I just gave up on decrypting NOPs in DATA areas. That made for mostly perfect ROMs.

Also, whenever I find a glitch I investigate thoroughly.
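The transplant step leonardoliveira describes above, as an added example that is not part of the original post or his tooling: code words are kept from the decrypted image, data words are copied back from the raw ROM, and data-region words that decrypt to the 68000 NOP opcode (0x4E71) are listed for review. The region-list format, function names and sample bytes are assumptions constructed for illustration.

```python
import struct

M68K_NOP = 0x4E71  # 68000 NOP opcode, one big-endian word


def transplant_data(encrypted: bytes, decrypted: bytes, data_regions):
    """Return a merged image: decrypted code, raw (never-encrypted) data.

    data_regions: (start, end) byte offsets, end exclusive, taken from a
    disassembly-derived code/data map (hypothetical input format).
    """
    if len(encrypted) != len(decrypted):
        raise ValueError("ROM images differ in size")
    merged = bytearray(decrypted)
    prev_end = 0
    for start, end in sorted(data_regions):
        if start % 2 or end % 2:
            raise ValueError(f"region {start:#x}-{end:#x} is not word aligned")
        if start < prev_end or start >= end or end > len(encrypted):
            raise ValueError(f"region {start:#x}-{end:#x} overlaps or is out of range")
        # Data was never encrypted, so the raw ROM holds the correct bytes.
        merged[start:end] = encrypted[start:end]
        prev_end = end
    return bytes(merged)


def nop_collisions(decrypted: bytes, data_regions):
    """Offsets inside data regions where the decrypted image reads as NOP."""
    hits = []
    for start, end in sorted(data_regions):
        for off in range(start, end, 2):
            (word,) = struct.unpack_from(">H", decrypted, off)
            if word == M68K_NOP:
                hits.append(off)
    return hits


# Constructed 16-byte sample, not taken from any real ROM.
ENCRYPTED = bytes.fromhex("a1b2c3d4" "00100020" "e5f6a7b8" "12340008")
DECRYPTED = bytes.fromhex("4e714e75" "9c3d4e71" "60fe4e71" "77aa51c2")
DATA_REGIONS = [(4, 8), (12, 16)]  # assumed output of manual analysis

if __name__ == "__main__":
    print(transplant_data(ENCRYPTED, DECRYPTED, DATA_REGIONS).hex())
    print([hex(o) for o in nop_collisions(DECRYPTED, DATA_REGIONS)])
```

In the sample, offset 6 lies in a data region whose decrypted word happens to read as NOP; the merge keeps the raw word there, matching the post's decision not to decrypt NOPs in data areas.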


Post by MrSandman » September 3rd, 2012, 4:00 pm

leonardoliveira wrote: So what I do is manually analyze ALL the game code on a disassembler and determine what is code/data then manually transplant what is data from the encrypted rom into the decrypted one.
Simply ... WOW!
leonardoliveira wrote: There were a sneaky non encrypted word (yes, two bytes) in the middle of a encrypted code area which pointed into another pointer which then finally pointed to a encrypted jumptable. Nasty stuff... ;)
Besides the "encrypted" part, is that similar to a Z80 "JP (HL)" instruction?

Post by leonardoliveira » September 3rd, 2012, 5:48 pm

MrSandman wrote: Simply ... WOW!
Really not that big of a deal... It's just a lot of work. Tedium extreme.
MrSandman wrote: Besides the "encrypted" part, is that similar to a Z80 "JP (HL)" instruction?
Actually it's very interesting how the encryption works, as using instructions indexed by data registers results in the decryption hardware being used. Using an instruction indexed by an address register seems to fetch a plain word from the ROM, without kicking the decryption hardware. Keeping that in mind and manually analyzing the dump results in a 100% perfect ROM (assuming that I don't commit mistakes during the interactive disassembly) on first try. I had Choko and Puzzloop2 work perfectly right off the bat. I had a few mistakes on Mighty Pang Japan in the test menu, which I solved quickly using MAME's debugger. When you have a full asm listing from the game looking at you in the disassembler it's easy to find any mistakes ... ;)

trmatthe wrote:Very cool stuff guys, both in finding the hardware and also with your investigations into the 68k encrypted opcodes/plaintext data. If you want to farm out any of the work feel free to message me.
I'll keep that in mind. Mostly I would want people to test the games and find bugs.
trmatthe wrote: Would be very very keen to see how the monitor/debugger has been wedged into this - do you know if they've added address decoding for previously unused address space, added a ROM with the monitor code and then stuck a vector into an unused slot in the TRAP jump table or does the debugger equipped game just happen to be a dev release that's not been stripped and chopped yet?
I just enable CAPCOM's own debugger, which all games have.

Post by Tetsuosan » September 7th, 2012, 12:35 am

How much would you charge for your services? I wish there was a way to send you the chips by mail for you to program, but I have family in Brazil, and I know as soon as I send the stuff over to you it'll get "lost" in the mail lol. My Super Street Fighter II Turbo board has a phoenix set that doesn't work too well, and I would like to not have the phoenix logo when I boot up the board.


Post by richy13 » September 7th, 2012, 12:34 pm

Razoola has uploaded pictures of the security system used to upload keys to CPS2 B boards

http://cps2shock.emu-france.info/

if you download the pictures you can see there's a different card for each game set.

richard


Post by CPS2 » September 7th, 2012, 1:48 pm

richy13 wrote:Razoola has uploaded pictures of the security system used to upload keys to CPS2 B boards

http://cps2shock.emu-france.info/

if you download the pictures you can see there's a different card for each game set.

richard
That PDA reminds me of an old scientific calculator I used to use at school. :awe:


Post by kernow » September 7th, 2012, 2:02 pm

Looks like the cards/software are written in BASIC too? Man, it'd be fun to get hold of those and have a look at the code.

Post by cools » September 7th, 2012, 2:03 pm

The cards themselves require a battery? :awe:

Post by idc » September 7th, 2012, 3:54 pm

The cards hold a CR2032 type battery and I believe that the software is indeed written in BASIC. Interface with the CPS2 B-board is likely SPI.

Edit: Here's the "last piece of hardware" to which Razoola refers (sorry for crappy iPad pics):
Image
Image
Image

Post by richy13 » September 7th, 2012, 6:09 pm

idc wrote:The cards hold a CR2032 type battery and I believe that the software is indeed written in BASIC. Interface with the CPS2 B-board is likely SPI.

Edit: Here's the "last piece of hardware" to which Razoola refers (sorry for crappy iPad pics):
What's inside the metal box, Ian?? Did it come with any cables for the J-tag connector or for the communication connector (for boards without the J-tag)?


Post by idc » September 7th, 2012, 6:28 pm

richy13 wrote:What's inside the metal box, Ian?? Did it come with any cables for the J-tag connector or for the communication connector (for boards without the J-tag)?
More pics will follow soon. Check CPS2Shock now, more of my pics have just appeared there.

Inside are a couple of TDK-branded PCBs which form a switching (~ 120/240 VAC) PSU, and a Capcom PCB which does the business. There are a bunch of switches and some wires too. The top has a segmented LED-display. It is "booby trapped", i.e. keys are erased if the case is opened, but I suspect that these are just re-written using the PDA.

Interface is suspected to be SPI, not JTAG, but it came without cables.

It does power on, displaying an error code, followed by "init" if one of the buttons is pressed, which I expect means it's waiting for data from the PDA (which I don't have).

Post by crunchywasp » September 7th, 2012, 7:01 pm

Wow! All this hardware that's surfacing is so incredibly cool :ugeek: 8-)

Post by leonardoliveira » September 7th, 2012, 7:10 pm

One last hijack on this thread ...

This one requires no explanation:

Image
Image
Image
Last edited by leonardoliveira on August 11th, 2013, 1:53 am, edited 1 time in total.

Post by CPS2 » September 7th, 2012, 7:11 pm

leonardoliveira wrote:One last hijack on this thread ...

This one requires no explanation:

Image
Image
Image
:eh:

Please explain.


Post by idc » September 7th, 2012, 7:18 pm

CPS2 wrote:Please explain.
Decrypted Rockman 1. If you look, you can see that it's running using SFA3 decrypted driver, it's what Leo uses to test his ROMs. ;)