bobbydilley
A few times over the past few years I've dabbled in looking at what it would take to emulate the Namco System 246 on the PCSX2 emulator. Through random posts on various forums I've also gotten a few messages asking whether I ever got anywhere with it, so I thought this would be a good place to write everything down and see if anyone has any ideas. I definitely don't have the skills to do it myself, but thought I'd start a conversation about it if only for someone more skilled to help explain to others why it cannot be done.
The PCSX2 emulator (a PlayStation 2 emulator) is capable of booting the BIOS from the Namco System 246. It crashes if you try to boot the BIOS from the Namco System 256. You can find the BIOS if you google 'namco system 246 bios mame'. Take the file from within the .zip file and place it in the 'bioses' folder in your PCSX2 installation and then you'll be able to load from it.
Here is an example video of someone playing with it:
https://www.youtube.com/watch?v=k9mZFZ16H1E
After the BIOS boots, it tries to load a program from the 'dongle' which is a magicgate memory card. Images of the dongles can be found here: https://www.arcade-projects.com/threads/sys2x6-usb-dongle-rollup-pack.6743/
The bios loads from the memory card in slot one, so make sure you insert it there in the emulator.
As a side note: In the bios it refers to files with the medium they are on, a colon and then the file name. For example `rom0:TESTMODE` refers to a TESTMODE binary in the bios (the test mode binary just displays colour bars), `mc0:boot.bin` refers to a file called boot.bin on a memory card in the first slot.
The program the bios will try to load is `mc0:boot.bin`. This is boot.bin on the memory card in slot one. When it cannot load this file it'll display a series of different error messages depending on why:
- Dongle Driver Load Fail - I made it display this by changing `mc0:boot.bin` to `cdrom0:boot.bin`, you can guess what this means.
- Dongle Card Does Not Exist or Is Not Right - It will display this if there is no memory card inserted, or one that is 'corrupted'.
- Boot File Not Exit - It'll display this with a blank memory card inserted.
- Boot File Is Not Right - It'll display this when an arcade dongle dump is inserted. It'll also display this if you change `mc0:boot.bin` to something that it has on the ROM, e.g. `rom0:TESTMODE`, as it can access it but it's not 'right' (whatever right means).
So my question is, what about `boot.bin` in the arcade dongle dump is not right? What makes a file 'right'?
I am aware that there is some sort of magicgate protection applied to these memory cards, but I am unaware at what level this is applied or how it works. The memory card dump can be displayed, and so the entire thing isn't encrypted. This contains some files that are clearly ELFs (TK4GAME for example), and others that I'm unsure what format they are (boot.bin, TK4LOAD).
Code:
```
$ python mymc.py tekken4-tef3verc.bin ls
rwx--d----+---- 30 2001-09-05 05:36:54 .
-wx--d----+--H- 0 2001-06-02 07:36:43 ..
rwx-f--8--+---- 46224 2001-06-02 07:36:46 boot.bin
rwx-f--8--+---- 86561 2001-06-02 07:36:47 ACLOAD
rwx-f--8--+---- 50 2001-06-02 07:36:47 title.txt
rwx-f--8--+---- 4 2001-09-05 05:35:59 PS2AC02
rwx-f--8--+---- 16 2001-08-09 05:55:11 PS2AC01
rwx-f--8--+---- 22 2001-09-05 05:36:00 PS2AC03
rwx-f--8--+---- 2029568 2001-09-05 05:36:20 TK4DATA
rwx-f--8--+---- 73520 2001-09-05 05:36:22 TK4LOAD
rwx-f--8--+---- 1235329 2001-09-05 05:36:31 TK4GAME
rwx-f--8--+---- 126002 2001-09-05 05:36:33 FPGA
rwx-f--8--+---- 32644 2001-09-05 05:36:34 JVFIRM
rwx-f--8--+---- 44589 2001-09-05 05:36:36 PADMAN
rwx-f--8--+---- 25317 2001-09-05 05:36:37 LIBSD
rwx-f--8--+---- 9081 2001-09-05 05:36:38 SDRDRV
rwx-f--8--+---- 6429 2001-09-05 05:36:39 ACCORE
rwx-f--8--+---- 2477 2001-09-05 05:36:40 ACFPGALD
rwx-f--8--+---- 2005 2001-09-05 05:36:41 ACJVLD
rwx-f--8--+---- 1625 2001-09-05 05:36:42 ACJV
rwx-f--8--+---- 4885 2001-09-05 05:36:43 ACRAM
rwx-f--8--+---- 1249 2001-09-05 05:36:44 ACSRAM
rwx-f--8--+---- 2073 2001-09-05 05:36:45 ACMEM
rwx-f--8--+---- 5861 2001-09-05 05:36:46 ACMEME
rwx-f--8--+---- 2681 2001-09-05 05:36:47 ACTIMER
rwx-f--8--+---- 11309 2001-09-05 05:36:48 ACATA
rwx-f--8--+---- 34649 2001-09-05 05:36:49 ACCDVD
rwx-f--8--+---- 80009 2001-09-05 05:36:51 IOPRP21A
rwx-f--8--+---- 83725 2001-09-05 05:36:53 MCMANAC
rwx-f--8--+---- 2849 2001-09-05 05:36:54 RWCFGAC
```
The python source code for mymc.py which can list these files is here: http://www.csclub.uwaterloo.ca:11068/mymc/index.html
When extracting boot.bin and looking at it, there is a lot of what looks like possibly encrypted/compressed data with some words that are broken up.
https://wiki.pcbotaku.com/wiki/Category:Sys246
The link above claims that:
- only boot.bin is affected by magic gate on system246, it loads another file within the FS which is a lamely xored ELF file, and that one is the game boot
I've heard that the boot.bin files have unique 32 bytes that tie them into the magicgate encryption chip on the dongle?
I'd like to understand exactly how the magicgate chip is able to decrypt a single file, and also why the encryption algorithm leaves pretty much plain text at the end of boot.bin.
--
It's worth noting that even if this gets solved, there are still some other problems: https://github.com/mamedev/mame/blob/master/src/mame/drivers/namcops2.cpp#L171
The RAM32 PCB that it loads CDROM data into needs to be sorted. This looks like it's probably just some memories, so shouldn't be too hard to add into the emulator.
The 'Namco MOTHER PCB' would need to be emulated, and this is a large board that would likely require some real skill to do.
HLE JVS emulation will need to be done (but this should be fairly easy, as it's well known about)
Any advice / comments / questions would be really appreciated on this!
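The observation above, that boot.bin is mostly random-looking data with near-plaintext at the end, can be measured with a per-window Shannon entropy scan. This is an added example, not part of the original post or of mymc: it runs on a constructed blob rather than a real boot.bin, and the window size and threshold are assumptions to tune per file.

```python
import math
import random
from collections import Counter

WINDOW = 1024     # bytes per window (assumption; smaller windows bias entropy low)
THRESHOLD = 6.5   # bits/byte; encrypted or compressed data sits close to 8

def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def entropy_profile(data: bytes, window: int = WINDOW):
    """(offset, entropy) for each full window. A short trailing remainder is
    skipped: a handful of bytes always scores low, whatever they contain."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data) - window + 1, window)]

def low_entropy_tail(data: bytes, window: int = WINDOW,
                     threshold: float = THRESHOLD):
    """Offset where the trailing run of low-entropy windows starts, or None
    if the last full window already looks random."""
    start = None
    for off, h in reversed(entropy_profile(data, window)):
        if h >= threshold:
            break
        start = off
    return start

# Constructed sample, not a real dongle file: a pseudo-random body standing in
# for the encrypted or compressed part, followed by a readable ASCII tail.
_rng = random.Random(246)
RANDOM_BODY = bytes(_rng.randrange(256) for _ in range(8192))
PLAIN_TAIL = (b"constructed plaintext marker " * 100)[:2048]
SAMPLE = RANDOM_BODY + PLAIN_TAIL

if __name__ == "__main__":
    for off, h in entropy_profile(SAMPLE):
        label = "low" if h < THRESHOLD else "high"
        print(f"0x{off:05x}  {h:4.2f} bits/byte  {label}")
    print("low-entropy tail starts at", low_entropy_tail(SAMPLE))
```

A boundary that falls on a clean offset suggests only part of the file is transformed; entropy alone cannot tell encryption from compression.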