The Sony ZN arcade boards used by Capcom, Taito, Tecmo, Raizing, Acclaim, Atari, etc. all use a security chip called a CAT702
info on what that does here: https://github.com/mamedev/mame/blob/master/src/mame/machine/cat702.cpp
Guru also has a nice chart that shows which chips have been dumped and which games they belong to: http://members.iinet.net.au/~lantra9jp1_nbn/gurudumps/ZNx/index.html
Essentially there is a uniquely programmed version of this chip for each game, and a uniquely programmed version of this chip for each mobo variant. Realistically this chip is the only thing preventing easy ROM board conversions on the ZN hardware, and arguably the biggest hurdle towards a multi.
Functionally it takes in some data via clock and data in pins similar to the PS1 controller ports. performs a "transform" calculation and then outputs the results on a data out pin. the transform algorithm doesn't change but there is a small bit of data programmed on the chip used in the calculation that makes it unique (per game/mobo).
I actually contacted the manufacturer of the CAT702 at one point, or rather the company that bought them out, and got nowhere. The front line support at least has no record of the chip ever existing so either it's protected by some kind of NDA or the info was simply/lost forgotten in the buy out.
I've heard it suggested that a PAL/GAL could be used but I'd not found one that seemed to map very well to the CAT702 pinout, and I'm not at all familiar enough programming those especially with serial to make that work.
One other lead is a Bootleg Bloody Roar 2 ROM board I've seen. Last time one of these came up on eBay I lost the auction and the pictures were too blurry to make out what they were using for the protection chip.
However @ArcSys101 recently posted one up for sale: FS Gals Panic S SU/S2 , Bloody Roar 2
and he was kind enough to provide me with this picture:
That's an ATMEL AT89C2051-24PC (data sheet: https://ww1.microchip.com/downloads/en/DeviceDoc/doc0368.pdf)
Now it's possible that the ROMs here are patched to remove security and this chip is doing something else BUT looking at the potential to use this as a replacement CAT702 looks good.
According to the MAME driver the CAT702 works at either 300kHz or 2MHz, the 2051 can operate at 24MHz which should be plenty to process the incoming data.
The Pinout is very amicable as well:
pin - cat702 - 2051
1 - N/C - RST/VPP
2 - +5V - P3.0 (RXD)
3 - +5V - P3.1 (TXD)
4 - +5V - XTAL2
5 - SEL - XTAL1
6 - SEL - P3.2 (INT0)
7 - CLK - P3.3 (INT1)
8 - DIN - P3.4 (TO)
9 - +5V - P3.5 (T1)
10- GND - GND
11- GND - P3.7
12- N/C - P1.0 (AIN0)
13- +5V - P1.1 (AIN1)
14- DOUT- P1.2
15- +5V - P1.3
16- N/C - P1.4
17- +5V - P1.5
18- +5V - P1.6
19- +5V - P1.7
20- +5V - VCC
the 2051 appears to have it's own internal clock which is good, and the necessary pins to make it work (bolded) appear to map really well.
the only pins that might cause a problem are the external XTAL pins 4 and 5, but I think worst case we'd simply have to cut these pins on the 2051.
A PLC might still be better for an eventual multi, but I like the idea of a drop in-solution for conversions or repair that doesn't require patching ROMs. Also I think we could probably program every known code on these chips and have it selectable via jumpers/dips much like the infini-key.
I'm not super well-versed in programming ATMEL chips, I can muddle my way through, I do plan on poking around with this myself but I'd appreciate any comments or ideas people have on this. Is this a viable option or nah?
If any of you out there know your way around an ATMEL and have a ZN board at your disposal I'd encourage you to take a stab at this yourself.
-----
tagging for attention some people that I know might be interested in this:
@CoolFox Removing the Cat702 security on a Primal Rage 2 board set
@Hammy, @undamned Capcom ZN Conversion/Multi Interest Thread
info on what that does here: https://github.com/mamedev/mame/blob/master/src/mame/machine/cat702.cpp
Guru also has a nice chart that shows which chips have been dumped and which games they belong to: http://members.iinet.net.au/~lantra9jp1_nbn/gurudumps/ZNx/index.html
Essentially there is a uniquely programmed version of this chip for each game, and a uniquely programmed version of this chip for each mobo variant. Realistically this chip is the only thing preventing easy ROM board conversions on the ZN hardware, and arguably the biggest hurdle towards a multi.
Functionally it takes in some data via clock and data in pins similar to the PS1 controller ports. performs a "transform" calculation and then outputs the results on a data out pin. the transform algorithm doesn't change but there is a small bit of data programmed on the chip used in the calculation that makes it unique (per game/mobo).
I actually contacted the manufacturer of the CAT702 at one point, or rather the company that bought them out, and got nowhere. The front line support at least has no record of the chip ever existing so either it's protected by some kind of NDA or the info was simply/lost forgotten in the buy out.
I've heard it suggested that a PAL/GAL could be used but I'd not found one that seemed to map very well to the CAT702 pinout, and I'm not at all familiar enough programming those especially with serial to make that work.
One other lead is a Bootleg Bloody Roar 2 ROM board I've seen. Last time one of these came up on eBay I lost the auction and the pictures were too blurry to make out what they were using for the protection chip.
However @ArcSys101 recently posted one up for sale: FS Gals Panic S SU/S2 , Bloody Roar 2
and he was kind enough to provide me with this picture:
That's an ATMEL AT89C2051-24PC (data sheet: https://ww1.microchip.com/downloads/en/DeviceDoc/doc0368.pdf)
Now it's possible that the ROMs here are patched to remove security and this chip is doing something else BUT looking at the potential to use this as a replacement CAT702 looks good.
According to the MAME driver the CAT702 works at either 300kHz or 2MHz, the 2051 can operate at 24MHz which should be plenty to process the incoming data.
The Pinout is very amicable as well:
pin - cat702 - 2051
1 - N/C - RST/VPP
2 - +5V - P3.0 (RXD)
3 - +5V - P3.1 (TXD)
4 - +5V - XTAL2
5 - SEL - XTAL1
6 - SEL - P3.2 (INT0)
7 - CLK - P3.3 (INT1)
8 - DIN - P3.4 (TO)
9 - +5V - P3.5 (T1)
10- GND - GND
11- GND - P3.7
12- N/C - P1.0 (AIN0)
13- +5V - P1.1 (AIN1)
14- DOUT- P1.2
15- +5V - P1.3
16- N/C - P1.4
17- +5V - P1.5
18- +5V - P1.6
19- +5V - P1.7
20- +5V - VCC
the 2051 appears to have it's own internal clock which is good, and the necessary pins to make it work (bolded) appear to map really well.
the only pins that might cause a problem are the external XTAL pins 4 and 5, but I think worst case we'd simply have to cut these pins on the 2051.
A PLC might still be better for an eventual multi, but I like the idea of a drop in-solution for conversions or repair that doesn't require patching ROMs. Also I think we could probably program every known code on these chips and have it selectable via jumpers/dips much like the infini-key.
I'm not super well-versed in programming ATMEL chips, I can muddle my way through, I do plan on poking around with this myself but I'd appreciate any comments or ideas people have on this. Is this a viable option or nah?
If any of you out there know your way around an ATMEL and have a ZN board at your disposal I'd encourage you to take a stab at this yourself.
-----
tagging for attention some people that I know might be interested in this:
@CoolFox Removing the Cat702 security on a Primal Rage 2 board set
@Hammy, @undamned Capcom ZN Conversion/Multi Interest Thread
![IMAG0003[1].jpg](/data/attachments/28/28056-0322f2e3d1a362379bdb55d270e79cd2.jpg)
