Also:
same game, same region, different date revision, possibly different key
same game, same region, different date revision, possibly different key
- Thread starter idc
- Start date
J
jassin000
This would be a question for the masters like IDC, but I believe all keys must be trojaned/extracted from working B-boards.
It's a moot point in your case, because (I believe) all keys are known at this point, your board could just be restored...
If not to its original revision (only because it's unknown) then to any revision simply by programming the key and flashing the ROMs.
J
jassin000
I don't think it's 100% public yet, give it some time.
The algorithm is based on Feistel networks, like DES.
https://github.com/mamedev/mame/blob/master/src/mame/machine/cps2crypt.cpp
I believe the process can be reversed doing something like this: https://media.ccc.de/v/27c3-4203-en-distributed_fpga_number_crunching_for_the_masses
although it might be even faster if you understand the algorithm and create a faster way to test keys.
Wanna try?
https://github.com/mamedev/mame/blob/master/src/mame/machine/cps2crypt.cpp
I believe the process can be reversed doing something like this: https://media.ccc.de/v/27c3-4203-en-distributed_fpga_number_crunching_for_the_masses
although it might be even faster if you understand the algorithm and create a faster way to test keys.
Wanna try?
I doubt this, a couple of years back I found an undumped revision of SPF2T, which afaik still hasn't been decrypted. And if I can find an undumped revision, there must be a bunch still out there
J
jassin000
Yea you're totally right, I remember when the Dumping Union people discovered some really late previously unknown revisions in Japan.
Let's say the majority of keys for common games are known.
Each game has a separate key for each different region. This prevents simple region swapping by rewriting ROMs.
Keys are not unique to individual boards.
Revision doesn't matter. All instances of certain game of a certain region will have a specific key, regardless of revision.
The exceptions are the Mitchell titles, i.e. Mighty! Pang, Puzz Loop 2 and Choko. Each of these games have a key that is used for all regions of that game.
We don't need to trojan undumped keys. We know enough about the encryption, and we know what certain encrypted program areas should look like when they're decrypted. It's therefore possible to just calculate the keys through reverse engineering.
We can also easily generate payload data for use with the security writer device based upon known keys, such as those in the MAME source code, or new keys discovered through reverse engineering.
Release will be soon, I can assure you. Just bear with us as we all have full time jobs and families. As Mitsu said, he's had some issues writing to older revision boards, and we'd like to make things as reliable and as simple as possible when we do finally release.
Keys are not unique to individual boards.
Revision doesn't matter. All instances of certain game of a certain region will have a specific key, regardless of revision.
The exceptions are the Mitchell titles, i.e. Mighty! Pang, Puzz Loop 2 and Choko. Each of these games have a key that is used for all regions of that game.
We don't need to trojan undumped keys. We know enough about the encryption, and we know what certain encrypted program areas should look like when they're decrypted. It's therefore possible to just calculate the keys through reverse engineering.
We can also easily generate payload data for use with the security writer device based upon known keys, such as those in the MAME source code, or new keys discovered through reverse engineering.
Release will be soon, I can assure you. Just bear with us as we all have full time jobs and families. As Mitsu said, he's had some issues writing to older revision boards, and we'd like to make things as reliable and as simple as possible when we do finally release.
mountainmanjed
Enthusiast
Yeah pretty much everything about commercial CPS2 boards has been figured out down to where some even know part of the dev board features like where debug dipswitches are mapped. Sure not everything is emulated like networking on tournament battle and the mentioned debug dipswitches. Of course not everything is listed mame or dumped I know someone with a January build of Super Turbo I want to mess with.
As for decrypted sets, making one is hard work I remember trying my own hand at making one with sfa2u which leo beat me to it but alot of it was run till crash then run till crash with trace on figure which address it was loading from that caused the crash (I had better experience once I got the in game debugger working). and it helps if you know what M68k code looks like in hexadecimal.
As for decrypted sets, making one is hard work I remember trying my own hand at making one with sfa2u which leo beat me to it but alot of it was run till crash then run till crash with trace on figure which address it was loading from that caused the crash (I had better experience once I got the in game debugger working). and it helps if you know what M68k code looks like in hexadecimal.
Has this since been submitted to MAME team or anyone else? Would be nice to have latest revs on the multia couple of years back I found an undumped revision of SPF2T, which afaik still hasn't been decrypted. And if I can find an undumped revision, there must be a bunch still out there
-ud
SmokeMonster
Champion
Could someone kindly send me just the CPS2 games from the latest MAME?
Yeh:Has this since been submitted to MAME team or anyone else? Would be nice to have latest revs on the multia couple of years back I found an undumped revision of SPF2T, which afaik still hasn't been decrypted. And if I can find an undumped revision, there must be a bunch still out there
- 0.161: Fluxcore and IDC/Team Avalaunch added Super Puzzle Fighter II Turbo (Euro 960529). David Haywood added CPS2 spf2t key. Renamed (spf2t) to (spf2tu).
