Search Results


  • Quote from Finisterre: “In theory, this could very likely be used to modify the memory of a NetDIMM, to massage bits of the OS in place to allow login to the underlying vxworks OS. Again... probably not of much use, ” But why? There is no protection in NAOMI software. There is no protection in DIMM firmware (except CRC validation, but I can't call this "protection"). There is no need to be a l33t h4xor to run whatever code on NAOMI or DIMM, but a regular software developer / coder - develop some…

  • Quote from Finisterre: “At the very least if handled *similarly* in an emulator this could mean someone that passes you an arbitrary rom file may be able to execute code on your machine in the context of the process running the emulator. ” you had good weed

  • Quote from rtw: “Where is the JTAG connector on the DC ? JTAG is not something magic you need a lot of software around it to work. AND it has to be enabled. ” There is none. We don't even know if the Dreamcast/NAOMI CPU really had it, as it is an SH7091 chip, not the "regular SH4" SH7750.

  • Quote from Finisterre: “I just haven't quiet figured out all the nuances of DC -> Naomi -> AtomisWave -> Emulators of said hardware, etc. ” It's mostly the same for NAOMI too, except there is no file system and no 1STREAD.BIN file like in Dreamcast images. Short instructions: - look at the ROM header; starting from 360h there are 3x 32-bit LE numbers: game exe start offset, destination address in RAM, length - knowing offset/len, extract the game exe binary - load it in IDA and set the loading address as per "destinatio…

  • Quote from obcd: “Gaelco boards (ATV track) use a 14 pin connector for their jtag connection with the SH4. I seem to have read somewhere that Hitachi used "non standard" JTAG for the SH4 processors. You needed their own (expensive) stuff to connect to it. Maybe you know more about this and are willing to share? ” The ATV PCB has unpopulated JP3 and JP4 connectors near each SH4 CPU; they are suspected to be the H-UDI (JTAG, IEEE 1149.1) interface, that's all we know. But I don't really understand why yo…

  • I'm not sure what to say, but as was said by Darksoft, "I would add to that "+ lots of time + more brains"". Disassembly is an analysis task, where skills / knowledge / experience are the key; >90% of the work should be done on your own using the mentioned, and some tools like IDA only make it easier. It is the same thing as trying to read some mathematics book - you have to know the alphabet, you have to know the book's language, you have to know numbers, you have to know basic math operations, etc etc etc, but if y…

  • I have to admit, in this case the original research was done by teammate CaH4e3, who found where the DIMM firmware version result check is in this game, many years ago. I've just redone the patch in another way and removed the check altogether. Anyway, it is quite strange the game was booting with a black screen; it was expected to show the "DIMM BD FIRMWARE DOES NOT FULFILL THE GAME SPEC." error message instead.

  • Quote from KoshiroKazuma: “how do you find which bits in the rom should be modified ? Is there any tool recommend? ” brains + IDA Pro disassembler

  • In such a case it looks more like you have a soldering problem. When the game tries to load some files from the game "data" area it gets unexpected data and hangs. This happens before the DIMM board firmware version check, which is disabled by the patch above. I'd recommend filling the checksum area in the ROM header structure; this will help you determine which ROMs read badly.

  • @KoshiroKazuma you may try to patch VF4FT (rev F) like this:

    offset    oldval newval
    000205C6: 0B     09
    000205C7: 40     00
    000205D0: 0B     09
    000205D1: 41     00

    but I'm not sure if it will solve all problems

  • I've been told it has already been analyzed: the software is a copy of DK's GDEMU, but mistakes were made in the process, so the clone does not work exactly as well as the original device.

  • Quote from Finisterre: “Also, how is this related to the following stuff? ” It's not related. Naomi 2 has JP9-13 jumpers, which select what will be routed to CN8 - RS232 (SH4 SCIF) or RS422 (MIE MCU), but Naomi 1 does not. Also, I don't think there exists any Naomi 1 jumper function explanation which may be trusted.

  • Quote from nam9: “Is it possible to remove/skip the RAM checks in the NetDIMM firmware? ” Yes it is. Find some WCCF chd image, for example wccf420e/cdv-10027.chd in the MAME romset, extract it, find the checkon.exe file there, and copy it to a new name: checkoff.exe. checkon.exe will enable game binary validation at system boot; checkoff.exe will disable it.

  • About the MVSC2 patch - the unlock byte was changed in the default EEPROM data (not SRAM); the game writes these data into the mobo settings EEPROM at the 1st boot of this game (after it was changed from some other game). As you may imagine, in this case patching host NAOMI RAM will not work, because you would have to do it at the exact moment after the BIOS loaded the game binary into RAM, but before the game code got to the point where it checks the EEPROM ID/contents, which is one of the very 1st tasks the game code does. About using cheats …

  • Quote from Finisterre: “I wonder if we tried the same thing over the fiber optic interface on the "communications board" what would happen? ” The optic comm board is quite a simple device: an M68K handles the token ring network; there is no high level protocol, only binary blobs sent by game code.

  • Nice. You got not a NAOMI RAM dump, but DIMM board RAM; it is a separate device running VxWorks. But good work anyway!

  • @KoshiroKazuma The VF4FT game tries to talk with the DIMM and determine its firmware version; it won't work if the firmware is less than 3.17, so yes, this game requires hacking. On the bright side, the changes will be at the very start of the ROM board space, so it might be resolved by adding an IC7 EEPROM with hacked code, so no soldering will be required.

  • Model 2 /3 Security hacks

    MetalliC - - Sega Model 2/3

    Well, it is the same security chip which was introduced back in ST-V and was widely used in NAOMI games; it is pretty well researched by now, we got all the decryption keys and everything ~2 years ago (heh, I think it was me who brute forced most of the keys for STV/M2/M3 games). So, having all this knowledge and modern emulation/debugging tools, it is pretty easy and straightforward to make any kind of hacks...

  • @muckyfingers I see. Everything there is drawn as 3D polygons, and character sprites have bilinear filtering enabled during texture fetch. By definition of bilinear, there will be no filtering effect visible if the source texture/sprite was drawn 1:1 or was scaled up by an integer factor (2x, 3x etc). But if scaling was fractional, you'll get the resulting image filtered/smoothed-looking. With no bilinear you'll get fractionally scaled sprites looking "distorted" because of nearest point sampling. Funny part…

  • Quote from muckyfingers: “I was curious if anyone poking around inside KOF XI or NGBC saw any way to disable the smoothing filter put on the characters? ” But why? With no bilinear texture sampling there will be ugly point sampling artifacts, caused by the non-integer sprite/texture scaling done to make them look the correct size at AW display resolution. The proper solution was to redraw character sprites in higher resolution, but SNK did not care to do that.