leonardoliveira & Idc's clean decrypted roms
- leonardoliveira
- Please Continue...
- Posts: 692
- Joined: August 30th, 2012, 5:53 am
- Location: Brazil
- Initials: leo
leonardoliveira & Idc's clean decrypted roms
idc asked me to try making this game work at something around 1PM my local time... After pouring 12 hours of work in it, I had this:
And this:
100% clean. No fancy menus, no clutter, no dumb/odd A.I. Plays exactly like the original which has suicide battery.
If someone is worried about counterfeits being made out of this, it's up to the buyers to look for MASK ROMS, battery, CAPCOM security seals and pins.
The goal is to give people freedom from the tyranny of the suicide battery.
(Posts on this thread being edited to fix picture links)
Last edited by leonardoliveira on August 11th, 2013, 1:50 am, edited 1 time in total.
- KmanSweden
- KmanSweden
- Posts: 1242
- Joined: October 13th, 2010, 10:37 am
- Location: Stockholm, Sweden
- eBay: KmanSweden
- Initials: PKK
- Contact:
Re: CPS2 Development PCB - SFZ
Street Fighter Alfa 3? Street Fighter just got a lot better.
Up the Irons!
- idc
- Ralf Little impersonator
- Posts: 1311
- Joined: October 16th, 2008, 9:17 pm
- Location: Tamworth, Staffordshire
- eBay: iancourt
- Initials: IAN
- Contact:
Re: CPS2 Development PCB - SFZ
KmanSweden wrote:let's call it a remake of Razoola's hack..
I tell you what, let's not.
leonardoliveira wrote:idc asked me to try making this game work at something around 1PM my local time... After pouring 12 hours of work in it, I had this:
And so the "other guy" reveals himself. Thank you, Leo.
- leonardoliveira
- Please Continue...
- Posts: 692
- Joined: August 30th, 2012, 5:53 am
- Location: Brazil
- Initials: leo
Re: CPS2 Development PCB - SFZ
Who does one, does two, no ?
I didn't fix the memory test for this one yet.
Also, sorry about the thread hijacking ... lol
Edit: Got this one decrypted and running in the record time of five hours.
Last edited by leonardoliveira on August 11th, 2013, 1:51 am, edited 1 time in total.
- leonardoliveira
- Please Continue...
- Posts: 692
- Joined: August 30th, 2012, 5:53 am
- Location: Brazil
- Initials: leo
Re: CPS2 Development PCB - SFZ
Let me hijack this thread a little more ... lol
- leonardoliveira
- Please Continue...
- Posts: 692
- Joined: August 30th, 2012, 5:53 am
- Location: Brazil
- Initials: leo
Re: CPS2 Development PCB - SFZ
Tetsuosan wrote:I know with my superx phoenix board it has a ton of odd glitches that happen that don't happen with my other super x board ie; odd slowdowns happening at strange times, hit boxes showing up and/or not showing up, etc.
That has to do with wrong data at the decryption. It's not magic. It's a very complex and detailed job.
I had exceptional results once I poured more "love" on it.
The encryption protects on the presumption that you can only have all decrypted code with mangled data or all encrypted code with correct data. You cannot "guess" what is code and what is data. You have to analyze it. So what I do is manually analyze ALL the game code on a disassembler and determine what is code/data then manually transplant what is data from the encrypted rom into the decrypted one.
Even so, after eight hours of work on the QUIZ game I had it working but there was a crash on the attract mode. Which I solved the next day by watching what the program reads from the ROM. There was a sneaky non-encrypted word (yes, two bytes) in the middle of an encrypted code area which pointed into another pointer which then finally pointed to an encrypted jumptable. Nasty stuff...
Also I had some oddball graphical glitches (sprites disappearing) on the character animations, which went away once I removed what I called "silly NOPs" from the data areas. Silly NOPs are due to the CAPCOM compiler/linker (these games are made in C) usually putting NOPs to separate data fields on each "chunk", and because in a universe of 65536 possible values per word there's a HIGH possibility for a clash and you get a spurious/wrongly placed NOP instruction in the middle of a data field.
I just gave up on decrypting NOPs in DATA areas. That made for mostly perfect roms.
Also, whenever I find a glitch I investigate thoroughly.
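The code/data transplant described in the post above, as an added example that is not part of the original thread and not leonardoliveira's own tooling: a constructed toy XOR stands in for the real cipher, and the key, the code-range map and the sample words are all assumptions. It also lists data words that read as the 68000 NOP (0x4E71) only after decryption, the spurious-NOP clash the post mentions.

```python
import struct

NOP = 0x4E71       # Motorola 68000 NOP opcode
TOY_KEY = 0xA5C3   # constructed stand-in key; NOT the real CPS2 cipher

def words(img):
    """Split a ROM image into big-endian 16-bit words."""
    return list(struct.unpack(">%dH" % (len(img) // 2), img))

def pack(ws):
    return struct.pack(">%dH" % len(ws), *ws)

def toy_crypt(ws):
    """Toy word-wise XOR, its own inverse (assumption for this demo only)."""
    return [w ^ TOY_KEY for w in ws]

def in_code(offset, code_ranges):
    """True if a byte offset lies in a range the disassembly marked as code."""
    return any(start <= offset < end for start, end in code_ranges)

def merge(enc, dec, code_ranges):
    """Code words come from the decrypted image, data words from the encrypted one."""
    e, d = words(enc), words(dec)
    return pack([d[i] if in_code(i * 2, code_ranges) else e[i]
                 for i in range(len(e))])

def spurious_nops(dec, code_ranges):
    """Byte offsets of data words that only look like NOP after decryption."""
    return [i * 2 for i, w in enumerate(words(dec))
            if w == NOP and not in_code(i * 2, code_ranges)]

# Constructed sample: four code words (MOVEQ, NOP, NOP, RTS), then four data words.
PLAIN = pack([0x7001, 0x4E71, 0x4E71, 0x4E75, 0x0010, 0xEBB2, 0x1234, 0xFFFF])
CODE_RANGES = [(0, 8)]                   # hypothetical map from manual disassembly
_pw = words(PLAIN)
ENC = pack(toy_crypt(_pw[:4]) + _pw[4:])  # as dumped: code encrypted, data plain
DEC = pack(toy_crypt(words(ENC)))         # everything decrypted: data is mangled

if __name__ == "__main__":
    print("merged image matches reference:", merge(ENC, DEC, CODE_RANGES) == PLAIN)
    print("data offsets that decrypt to NOP:", spurious_nops(DEC, CODE_RANGES))
```

A map that marks even one data word as code produces a different image, which is why the classification has to come from analysis rather than guessing.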
- MrSandman
- Posts: 348
- Joined: October 9th, 2010, 9:00 pm
- Location: Germany
- eBay: Not yet, not trading yet
- Initials: NOR
Re: CPS2 Development PCB - SFZ
leonardoliveira wrote: So what I do is manually analyze ALL the game code on a disassembler and determine what is code/data then manually transplant what is data from the encrypted rom into the decrypted one.
Simply ... WOW!
leonardoliveira wrote: There was a sneaky non-encrypted word (yes, two bytes) in the middle of an encrypted code area which pointed into another pointer which then finally pointed to an encrypted jumptable. Nasty stuff...
Besides the "encrypted" part, is that similar to a Z80 "JP (HL)" instruction?
"Hans, I've just noticed something."
- leonardoliveira
- Please Continue...
- Posts: 692
- Joined: August 30th, 2012, 5:53 am
- Location: Brazil
- Initials: leo
Re: CPS2 Development PCB - SFZ
MrSandman wrote: Simply ... WOW!
Really not that big of a deal... It's just a lot of work. Tedium extreme.
MrSandman wrote: Besides the "encrypted" part, is that similar to a Z80 "JP (HL)" instruction?
Actually it's very interesting how the encryption works, as using instructions indexed by data registers results in the decryption hardware being used. Using an instruction indexed by an address register seems to fetch a plain word from the rom, without kicking the decryption hardware. Keeping that in mind and manually analyzing the dump results in a 100% perfect rom (assuming that I don't commit mistakes during the interactive disassembly) on first try. I had Choko and Puzzloop2 work perfect out of the bat. I had a few mistakes on mighty pang japan on the test menu which I solved quickly using mame's debugger. When you have a full asm listing from the game looking at you in the disassembler it's easy to find any mistakes ...
trmatthe wrote:Very cool stuff guys, both in finding the hardware and also with your investigations into the 68k encrypted opcodes/plaintext data. If you want to farm out any of the work feel free to message me.
I'll keep that in mind. Mostly I would want people to test the games and find bugs.
trmatthe wrote: Would be very very keen to see how the monitor/debugger has been wedged into this - do you know if they've added address decoding for previously unused address space, added a ROM with the monitor code and then stuck a vector into an unused slot in the TRAP jump table or does the debugger equipped game just happen to be a dev release that's not been stripped and chopped yet?
I just enable CAPCOM's own debugger, which all games have.
-
- Please Continue...
- Posts: 59
- Joined: October 24th, 2008, 1:51 am
- Location: Bridgeport, CT U.S.A
Re: CPS2 Development PCB - SFZ
How much would you charge for your services? I wish there was a way to send you the chips by mail for you to program, but I have family in Brazil, and I know as soon as I send the stuff over to you it'll get "lost" in the mail lol. My Super Street Fighter II Turbo board has a phoenix set that doesn't work too well, and I would like to not have the phoenix logo when I boot up the board.
- richy13
- Ming the Merciless
- Posts: 792
- Joined: July 25th, 2009, 12:38 am
- Location: UK
- eBay: ...
Re: CPS2 Development PCB - SFZ
Razoola has uploaded pictures of the security system used to upload keys to CPS2 B boards
http://cps2shock.emu-france.info/
if you download the pictures you can see there's a different card for each game set.
richard
- CPS2
- Street Fighter
- Posts: 1993
- Joined: August 19th, 2008, 10:03 pm
- Location: Leeds
Re: CPS2 Development PCB - SFZ
richy13 wrote:Razoola has uploaded pictures of the security system used to upload keys to CPS2 B boards
http://cps2shock.emu-france.info/
if you download the pictures you can see there's a different card for each game set.
richard
That PDA reminds me of an old scientific calculator I used to use at school.
- cools
- Armed Police Buttrider
- Posts: 13459
- Joined: August 17th, 2008, 4:49 pm
- Location: Wales, United Kingdom
- eBay: hordarian
- Initials: CLS
Re: CPS2 Development PCB - SFZ
The cards themselves require a battery?
- idc
- Ralf Little impersonator
- Posts: 1311
- Joined: October 16th, 2008, 9:17 pm
- Location: Tamworth, Staffordshire
- eBay: iancourt
- Initials: IAN
- Contact:
Re: CPS2 Development PCB - SFZ
The cards hold a CR2032 type battery and I believe that the software is indeed written in BASIC. Interface with the CPS2 B-board is likely SPI.
Edit: Here's the "last piece of hardware" to which Razoola refers (sorry for crappy iPad pics):
- richy13
- Ming the Merciless
- Posts: 792
- Joined: July 25th, 2009, 12:38 am
- Location: UK
- eBay: ...
Re: CPS2 Development PCB - SFZ
idc wrote:The cards hold a CR2032 type battery and I believe that the software is indeed written in BASIC. Interface with the CPS2 B-board is likely SPI.
Edit: Here's the "last piece of hardware" to which Razoola refers (sorry for crappy iPad pics):
What's inside the metal box, Ian?? Did it come with any cables for the J-tag connector or for the communication connector (for boards without the J-tag)?
- idc
- Ralf Little impersonator
- Posts: 1311
- Joined: October 16th, 2008, 9:17 pm
- Location: Tamworth, Staffordshire
- eBay: iancourt
- Initials: IAN
- Contact:
Re: CPS2 Development PCB - SFZ
richy13 wrote:What's inside the metal box, Ian?? Did it come with any cables for the J-tag connector or for the communication connector (for boards without the J-tag)?
More pics will follow soon. Check CPS2Shock now, more of my pics have just appeared there.
Inside are a couple of TDK-branded PCBs which form a switching (~ 120/240 VAC) PSU, and a Capcom PCB which does the business. There are a bunch of switches and some wires too. The top has a segmented LED-display. It is "booby trapped", i.e. keys are erased if the case is opened, but I suspect that these are just re-written using the PDA.
Interface is suspected to be SPI, not JTAG, but it came without cables.
It does power on, displaying an error code, followed by "init" if one of the buttons is pressed, which I expect means it's waiting for data from the PDA (which I don't have).
- crunchywasp
- stompin' an' jumpin'
- Posts: 8080
- Joined: February 10th, 2012, 2:51 pm
- Location: Northern Ireland
- eBay: crunchywasp
- Initials: MAK
Re: CPS2 Development PCB - SFZ
Wow! All this hardware that's surfacing is so incredibly cool
- leonardoliveira
- Please Continue...
- Posts: 692
- Joined: August 30th, 2012, 5:53 am
- Location: Brazil
- Initials: leo
Re: CPS2 Development PCB - SFZ
One last hijack on this thread ...
This one requires no explanation:
Last edited by leonardoliveira on August 11th, 2013, 1:53 am, edited 1 time in total.
- CPS2
- Street Fighter
- Posts: 1993
- Joined: August 19th, 2008, 10:03 pm
- Location: Leeds
Re: CPS2 Development PCB - SFZ
leonardoliveira wrote:One last hijack on this thread ...
This one requires no explanation:
Please explain.
- idc
- Ralf Little impersonator
- Posts: 1311
- Joined: October 16th, 2008, 9:17 pm
- Location: Tamworth, Staffordshire
- eBay: iancourt
- Initials: IAN
- Contact:
Re: CPS2 Development PCB - SFZ
CPS2 wrote:Please explain.
Decrypted Rockman 1. If you look, you can see that it's running using SFA3 decrypted driver, it's what Leo uses to test his ROMs.
- MrSandman
- Posts: 348
- Joined: October 9th, 2010, 9:00 pm
- Location: Germany
- eBay: Not yet, not trading yet
- Initials: NOR
Re: CPS2 Development PCB - SFZ
idc wrote:The cards hold a CR2032 type battery and I believe that the software is indeed written in BASIC. Interface with the CPS2 B-board is likely SPI.
Edit: Here's the "last piece of hardware" to which Razoola refers (sorry for crappy iPad pics):
Wow, that is so cool. Hope with this piece of HW you will be able to figure out how to upload the security keys.
"Hans, I've just noticed something."