leonardoliveira & Idc's clean decrypted roms

PCB problems and fixes
Post Reply
User avatar
davewellington
The Librarian
Posts: 1407
Joined: July 7th, 2010, 1:42 am
Location: Wellington, New Zealand
Initials: DAV

Re: leonardoliveira & Idc's clean decrypted roms

Post by davewellington »

What does it all mean :D?
*withdraws CPS3 from sale again*
all your wiki pages belong to me
User avatar
geotrig
Potato!
Posts: 6809
Joined: December 5th, 2008, 1:14 pm
Location: ._.
eBay: ._.

Re: leonardoliveira & Idc's clean decrypted roms

Post by geotrig »

:lol:
Image

<trk>:I remember catching a big fat one and my friend said "throw it back in, that one already tastes like wood"
User avatar
ChuChuFlamingo
Posts: 54
Joined: March 27th, 2012, 6:14 am
Location: Michigan

Re: leonardoliveira & Idc's clean decrypted roms

Post by ChuChuFlamingo »

Awesome.
User avatar
idc
Posts: 1335
Joined: October 16th, 2008, 9:17 pm
Location: Tamworth, Staffordshire
Initials: IAN
Contact:

Re: leonardoliveira & Idc's clean decrypted roms

Post by idc »

Leonard and I were chatting about this yesterday when he made the discovery that a the CPU on a dead cart still tries to boot. He discussed with me a few promising ideas on how to proceed, but then I went to bed. This morning I awoke to an e-mail with the awesome news. I was confident, but I didn't expect it to happen so quickly! Nice one Leo! :awe:
ImageImageImageImage
Image
User avatar
Rossyra
Supermod
Posts: 8020
Joined: February 12th, 2009, 1:24 am
Location: UK

Re: leonardoliveira & Idc's clean decrypted roms

Post by Rossyra »

:wtf: :-o
Image
darksoft
Posts: 124
Joined: July 8th, 2011, 10:04 pm
Location:
eBay: greenberetfan
Initials: PFG

Re: leonardoliveira & Idc's clean decrypted roms

Post by darksoft »

Wow. Great work!
Arcade Project Master at www.arcade-projects.com
YZRider926
Posts: 23
Joined: October 19th, 2009, 6:48 pm
Location: VA, USA

Re: leonardoliveira & Idc's clean decrypted roms

Post by YZRider926 »

Very nice work. Looking forward to some more updates.
User avatar
pubjoe
Fosters Political Ambitions
Posts: 9614
Joined: August 19th, 2008, 8:58 am
Location:

Re: leonardoliveira & Idc's clean decrypted roms

Post by pubjoe »

Incredible! :awe:
User avatar
MrSandman
Posts: 245
Joined: October 9th, 2010, 9:00 pm
Location: Germany
eBay: Not yet, not trading yet
Initials: NOR

Re: leonardoliveira & Idc's clean decrypted roms

Post by MrSandman »

:thumbup: :awe: :thumbupright: that is so fantastic !
:eh: What is going on?

What CD has been inserted?

Was the cart dead?

Did the cart match the CD / game?

Is this behaviour different from what is usual?
M. Bison wrote: I’ll **** you till you love me faggot
User avatar
IDCHAPPY
c***3
Posts: 2726
Joined: May 3rd, 2010, 7:25 pm
Location: Edinburgh
eBay: Arcadedreams2013
Initials: IDC
Contact:

Re: leonardoliveira & Idc's clean decrypted roms

Post by IDCHAPPY »

I won't ask how your doing it, but excellent :awe:, makes me feel happier about having CPS3 gear :)
User avatar
leonardoliveira
Posts: 692
Joined: August 30th, 2012, 5:53 am
Location: Brazil
Initials: leo

Re: leonardoliveira & Idc's clean decrypted roms

Post by leonardoliveira »

IDCHAPPY wrote:I won't ask how your doing it, but excellent :awe:, makes me feel happier about having CPS3 gear :)

I'll only say one thing:

Doing CPS2 stuff is like 1000 times more work. >.>
Image
User avatar
kernow
:problem: child
Posts: 14958
Joined: August 17th, 2008, 2:01 pm
Location: Devon
Initials: KRN
Contact:

Re: leonardoliveira & Idc's clean decrypted roms

Post by kernow »

MrSandman wrote::thumbup: :awe: :thumbupright: that is so fantastic !
Is this behaviour different from what is usual?
:roll: :D
David... The wind blows... The wind blows... Bits of your... life awayee
Collin
Banned
Posts: 20
Joined: June 3rd, 2012, 7:12 pm
Location:

Re: leonardoliveira & Idc's clean decrypted roms

Post by Collin »

That is mind-blowingly good news! Congratulations!

I did soil my trousers in the happiest of ways just now.
User avatar
leonardoliveira
Posts: 692
Joined: August 30th, 2012, 5:53 am
Location: Brazil
Initials: leo

Re: leonardoliveira & Idc's clean decrypted roms

Post by leonardoliveira »

If anyone is wondering how this CPS3 revival stuff works, it has to do with that "unknown" chunk of code at address 0x7FF00 every game has and that doesn't seem to decrypt with the game keys.

There are four kinds of DL-3229 chip. That is the purpose of the "A", "B", "C" or "D" sticker on the top of the chip.

The custom SH2 chip is set up to jump to 0x7FF00 (or that stuff is not code but the data which is copied to the security SRAM inside the chip) when it has blanked keys on the SRAM memory. It's a SECURE device so the catch is that each of these four chips use a SET ON STONE key to decrypt a boot loader (which will be at 0x7FF00) and the encrypted bootloader I have works only for ONE of these four chips. Also, it SET the encryption keys only for Street Fighter 3 2nd Impact so that's the only thing I am able to revive (for now).

While it's pretty limited for the time. WE NOW KNOW WHERE TO LOOK for a solution ... :awe:
Last edited by leonardoliveira on September 19th, 2012, 2:35 pm, edited 2 times in total.
Image
User avatar
SuperPang
Master or Universe
Posts: 10258
Joined: August 16th, 2008, 2:45 pm
Location: UK
Contact:

Re: leonardoliveira & Idc's clean decrypted roms

Post by SuperPang »

Oh well that clears that up then :lolno: :wtf:
YZRider926
Posts: 23
Joined: October 19th, 2009, 6:48 pm
Location: VA, USA

Re: leonardoliveira & Idc's clean decrypted roms

Post by YZRider926 »

leonardoliveira wrote:If anyone is wondering how this CPS3 revival stuff works, it has to do with that "unknown" chunk of code at address 0x7FF00 every game has and that doesn't seem to decrypt with the game keys.

There are four kinds of DL-3229 chip. That is the purpose of the "A", "B", "C" or "D" sticker on the top of the chip.

The custom SH2 chip is set up to jump to 0x7FF00 when it has blanked keys on the SRAM memory. It's a SECURE device so the catch is that each of these four chips use a SET ON STONE key to decrypt a boot loader (which will be at 0x7FF00) and the encrypted bootloader I have works only for ONE of these four chips. Also, it SET the encryption keys for Street Fighter 3 2nd Impact so that's the only thing I am able to revive (for now).

While it's pretty limited for the time. WE NOW KNOW WHERE TO LOOK for a solution ... :awe:
Well you got to start somewhere. So would you need to get different versions of the carts as well as different games for testing and such?
User avatar
leonardoliveira
Posts: 692
Joined: August 30th, 2012, 5:53 am
Location: Brazil
Initials: leo

Re: leonardoliveira & Idc's clean decrypted roms

Post by leonardoliveira »

YZRider926 wrote:Well you got to start somewhere. So would you need to get different versions of the carts as well as different games for testing and such?
Pretty much, yes.

Right now I'm on the IRC with xorloser (yes the guy what knows lots of crypto stuff) working some tests out. ;)

Also, there's a possibility that chunk is not code, but data for the decryption SRAM so I edited my post accordingly.
Image
User avatar
Devil Soundwave
Doesn't go to eleven
Posts: 4757
Joined: January 7th, 2009, 11:56 pm
Location: North London, UK
eBay: DevilSoundwave

Re: leonardoliveira & Idc's clean decrypted roms

Post by Devil Soundwave »

Holy smokes. Nice work sir!
Collin
Banned
Posts: 20
Joined: June 3rd, 2012, 7:12 pm
Location:

Re: leonardoliveira & Idc's clean decrypted roms

Post by Collin »

Awesome! What has to be done to revive 2I carts?
User avatar
leonardoliveira
Posts: 692
Joined: August 30th, 2012, 5:53 am
Location: Brazil
Initials: leo

Re: leonardoliveira & Idc's clean decrypted roms

Post by leonardoliveira »

Collin wrote:Awesome! What has to be done to revive 2I carts?

We've narrowed the stuff at 7FF00 seems to be the security keys indeed. They're uploaded to the SRAM inside the chip on POR (Power On Reset) ;)

Still working out their "real size".
Image
Post Reply