Model 2 /3 Security hacks

[Darksoft]

Anyone seen this news from 01/2018?

http://www.arcademodbios.com/

 

[twistedsymphony]

Interesting. I didn't even realize Zero Gunner and Pilot Kids used protection.

 

[tinchen3112]

"arcademodbios"
Joerg is very talented, really sad that he is such a strange guy

 

[nem]

Interesting. I didn't even realize Zero Gunner and Pilot Kids used protection.

Neither did I and I have a Zero Gunner here somewhere.

 

[MetalliC]

well, it is same security chip, which was introduced back in ST-V, and was widely used in NAOMI games, pretty well researched by now, we got all the decryption keys and everything ~2 years ago (heh, I think it was me who brute forced most of keys for STV/M2/M3 games )

so, having all this knowledge and modern emulation/debugging tools is pretty easy and straightforward to make any kind of hacks...

 

[werejag]

Joerg stealling more projects done by others

 

[Trol]

Is arcademodbios the only one who has these decrypted roms?

 

[nem]

Andygeezer has decrypted roms available for Model 3. Not sure about Model 2. And no, they're not free either.

 

[stj]

so how does the system work??
what is the scsi chip for?

is the rom board a "virtual drive" ??
that would be *very* interesting from a hacking standpoint!

 

[MetalliC]

why not look at MAME or Supermodel3 source code ? at this point both emulate Model3 security decryption chip. i.e. people already RE'd / hacked how it works, a long ago...

 

[stj]

it wasnt the encryption i was thinking about, it was the possibility of replacing the romboard with a scsi device of some type.

 

[Darksoft]

hmmm roms have an access time of ns and a cdrom of seconds. I see no benefit on that option at all. You won't be able to supply data fast enough to the game.

Replacing with eproms or flashes would be the best option imo.

 

[stj]

the ponit is, if the game is using scsi to get data, it may be relativly easy to create a virtual drive with ram - like a naomi dimm unit.
not so easy if you need to have some 60+ address & data lines to the game stack.

 

[MetalliC]

it wasnt the encryption i was thinking about, it was the possibility of replacing the romboard with a scsi device of some type.

answer still the same - why not look at emulators source code ?

the ponit is, if the game is using scsi to get data

they don't

it may be relativly easy to create a virtual drive with ram - like a naomi dimm unit.

NAOMI cartridges and DIMM board works exact same in term of data transfer.
most types of carts uses ~60 signal lines from 100pin connector, no idea why it might be easier.

 

[TechnicalMonkey]

Andygeezer has decrypted roms available for Model 3. Not sure about Model 2. And no, they're not free ...

Would it be possible to convert a board to fighting vipers 2? Does it have to be the same stepping?

 

[Darksoft]

In most cases step must be the same. Only exception I remember is model3 step 2 and step 2.1

 

[nem]

Would it be possible to convert a board to fighting vipers 2? Does it have to be the same stepping?

It is possible, yes. It has to be the same step. I personally used a cheap Virtua Striker 2 board.

 

[TechnicalMonkey]

@nem but what about the security protection? Are you saying that the converted ROM images are out in the wild?

 

[nem]

@nem but what about the security protection? Are you saying that the converted ROM images are out in the wild?

You'll have to ask either Arcademodbios or Andygeezer for them. They're not in the wild.

 

[Hammy]

I should be able to share pilot kids and zero gunner at some stage but need to check the files for 'water marks'
Don't want to drop the spy in the shit now do we