What's new
By:
Filters

naomi netboot roms

malarrya said:
Sorry to drudge up an old thread again but I did have a question related to the BIN files. Is it possible to netboot Soul Calibur on a Naomi 1? I ask because it seems that not only is this one of the more popular games for the Dreamcast and Arcade but I saw some videos of people who have done this. Thanks and have a wonderful weekend!
Click to expand...
Where did you see said video?

Someone here pointed out that this was a System 256 game, his point was there is indeed a Dreamcast port of Soul calibur: he was asking what sort of wizardry was performed in the video he claims to have seen.

As I understand the reason we can’t currently play Dreamcast games is linked to the uncracked bios CRC algo. I’m likely wrong.
 

Attachments

  • A9A55728-DDB6-438B-A913-40BA03FC6367.jpeg
    A9A55728-DDB6-438B-A913-40BA03FC6367.jpeg
    79.7 KB · Views: 52
Last edited:
So particularly you need to grok the difference between a Naomi Upright Cabinet, and a Naomi system (similar hardware to Dreamcast). The NUC cabinet itself has nothing to do with netbooting. You can put any hardware you want in it.
 
I had not seen this posted and my 2P bat came in today.
Using mame set 0.198.
Referring to this:
https://github.com/mamedev/mame/blob/master/src/mame/drivers/naomi.cpp#L4367
This is netbootable:
$ cat epr-22141b.ic22 epr-22141b.ic22 epr-22141b.ic22 epr-22141b.ic22 mpr-221* > db99.bin

And this:
$ cat epr-21575.ic22 epr-21575.ic22 epr-21575.ic22 epr-21575.ic22 mpr-215* > dbnaomi.bin
 
Last edited:
fsckewe said:
I had not seen this posted and my 2P bat came in today.
Using mame set 0.198.
Referring to this:
https://github.com/mamedev/mame/blob/master/src/mame/drivers/naomi.cpp#L4367
This is netbootable:
$ cat epr-22141b.ic22 epr-22141b.ic22 epr-22141b.ic22 epr-22141b.ic22 mpr-221* > db99.bin

And this:
$ cat epr-21575.ic22 epr-21575.ic22 epr-21575.ic22 epr-21575.ic22 mpr-215* > dbnaomi.bin
Click to expand...
not really, 2 these games is protected. they will boot but hang shortly or show some weird behavior later in game. (I recall Club Kart was funny, in case of failed prot.check - player view was reversed, camera looked backwards).
 
MetalliC said:
fsckewe said:
I had not seen this posted and my 2P bat came in today.
Using mame set 0.198.
Referring to this:
https://github.com/mamedev/mame/blob/master/src/mame/drivers/naomi.cpp#L4367
This is netbootable:
$ cat epr-22141b.ic22 epr-22141b.ic22 epr-22141b.ic22 epr-22141b.ic22 mpr-221* > db99.bin

And this:
$ cat epr-21575.ic22 epr-21575.ic22 epr-21575.ic22 epr-21575.ic22 mpr-215* > dbnaomi.bin
Click to expand...
not really, 2 these games is protected. they will boot but hang shortly or show some weird behavior later in game. (I recall Club Kart was funny, in case of failed prot.check - player view was reversed, camera looked backwards).
Click to expand...
Are these two "protected" in the same way that MarsTV is? Because I am netbooting the M2 protected MarsTV just fine here...
Per our previous conversation here: All the officially released Flavors of the Net City/NAOMI Universal Cab

I noted the segam2crypt which we also already discussed All the officially released Flavors of the Net City/NAOMI Universal Cab

Seems this *problem* has been solved, but folks don't talk, or share openly, as we all know :/

@fsckewe I'll speak to the person that helped me with MarsTV, and see if there is a known / similar solution for Dynamic Baseball.
 

Attachments

  • 7205E63A-EBED-4B9A-ABFD-D73143F7A30A.jpeg
    7205E63A-EBED-4B9A-ABFD-D73143F7A30A.jpeg
    441.5 KB · Views: 54
MetalliC said:
fsckewe said:
I had not seen this posted and my 2P bat came in today.
Using mame set 0.198.
Referring to this:
https://github.com/mamedev/mame/blob/master/src/mame/drivers/naomi.cpp#L4367
This is netbootable:
$ cat epr-22141b.ic22 epr-22141b.ic22 epr-22141b.ic22 epr-22141b.ic22 mpr-221* > db99.bin

And this:
$ cat epr-21575.ic22 epr-21575.ic22 epr-21575.ic22 epr-21575.ic22 mpr-215* > dbnaomi.bin
Click to expand...
not really, 2 these games is protected. they will boot but hang shortly or show some weird behavior later in game. (I recall Club Kart was funny, in case of failed prot.check - player view was reversed, camera looked backwards).
Click to expand...
is this what the patcherv6 "fixes" ?
 
Finisterre said:
Are these two "protected" in the same way that MarsTV is? Because I am netbooting the M2 protected MarsTV just fine here...
Click to expand...
are you really sure it is "just fine" ?
as I see MarsTV for sure read some data using decryption, then compare them with other data, store comparison result, and use it later (in case of failed prot.check it calls some subroutine, not sure what exactly it does)

in general, it was Sega's recommended way of doing protection checks - do NOT instant hang the game if check was failed, but store result, run game as usual, and check it later in game, and make the game somehow un-playable in case of bad check result.


fsckewe said:
is this what the patcherv6 "fixes" ?
Click to expand...
no, D.K. said patcherv6 only fixes "DMA-clash" issues, it doesn't patch the protection checks.
 
Last edited:
MetalliC said:
are you really sure it is "just fine" ?as I see MarsTV for sure read some data using decryption, then compare them with other data, store comparison result, and use it later (in case of failed prot.check it calls some subroutine, not sure what exactly it does)

in general, it was Sega's recommended way of doing protection checks - do NOT instant hang the game if check was failed, but store result, run game as usual, and check it later in game, and make the game somehow un-playable in case of bad check result.
Click to expand...
All I know is the game seems to play as expected from start to finish, I can leave it running for hours on end with no issue.

I'm asking now if I am able to share further.
 
Finisterre said:
All I know is the game seems to play as expected from start to finish, I can leave it running for hours on end with no issue.

I'm asking now if I am able to share further.
Click to expand...
I did some disassembly, and in the case of failed check at each frame MarsTV does like:
various_game_variables_array[rand()] = rand();
i.e. trashing random bytes in memory.
perhaps you need to run it longer, so it will destroy enough bytes ? ;)
 

Attachments

  • 65F65939-8328-43E7-BF4F-AC68F69E5A43.jpeg
    65F65939-8328-43E7-BF4F-AC68F69E5A43.jpeg
    851.6 KB · Views: 48
  • 1C0E2D9C-4242-4B1C-860A-7C6E04338F57.jpeg
    1C0E2D9C-4242-4B1C-860A-7C6E04338F57.jpeg
    76.7 KB · Views: 49
  • 403F58B9-1506-489E-B63A-9F45B9D12587.png
    403F58B9-1506-489E-B63A-9F45B9D12587.png
    50.2 KB · Views: 49
Last edited:
Sweet mother of baby jesus, yes I'll open my stuff soon please give me a few weeks to post everything.
I just moved to Seattle and everything was in boxes :P but I can post some stuff this weekend before I get dragged to Boston cause of work.


the GHidra is going to be a pain since I don't own the project but my IDA Pro Loader, and the binary ninja stuff and my notes on how everything is actually setup!


FTR @Finisterre has been nagging me for months to open it, #shrug .. sorry for being slow :] but it'll open up :D
 
fsckewe said:
fsckewe said:
MetalliC said:
fsckewe said:
is this what the patcherv6 "fixes" ?
Click to expand...
no, D.K. said patcherv6 only fixes "DMA-clash" issues, it doesn't patch the protection checks.
Click to expand...
I see now. So when do we have an IDA/BN/ghidra screen share session to walk thru all of this ;)
Click to expand...
sooooo, is that a no?
Click to expand...
what exactly you asking for ?

I'm not interested to do "screen share sessions" for people entertainment, go watch Twitch/Netflix/etc instead :P
 
I am asking if you are interested in sharing information on said protection checks. Is it typically in the epr? Is it elsewhere? What would one be looking for? For example, in x86, there are only a handful of ways to get eip and spotting those patterns in asm can become apparent. What do these protection checks look like in a debugger/disassemble? What would one be looking for? Etc.

I, personally, would like to remove these protection checks in Dynamite Baseball Naomi. Perhaps if I can glean some useful information by utilizing a small portion of your time, I could do the same for other games. As we all know, not all games have been made netbootable. And one of those reasons is defeating these protection checks. Perhaps it would help a much wider audience.
 
I don't think there is a practical way to completely answer the questions you're asking. Reverse engineering and patching games is a skill that requires a very deep knowledge on many subjects. When it comes to Naomi/AW/DC the difficulty level is 9/10. If you have to ask the questions you're asking, you're missing many pieces of the puzzle needed to do the job.

But I will give some insight anyways:

Is it typically in the epr? 'Protection checks' are software based in code. IC22
What would one be looking for? MetalliC described above that marstv reads from the memory mapped device that provides data decryption (reading from a specific memory address, fully outlined in mame). Debuggers have 'watch points', which helps you determine when executing code reads from specific memory addresses. In the case of marstv, if the result from decryption is wrong, it sets a flag in ram (also a specific memory address). Once you know where that flag is written, you set another watch point on that address and wait until the code reads the flag from ram.
What do these protection checks look like in a debugger/disassemble? Most games it is unique; sometimes the same code is re-used by developers who made multiple games. Sometimes there are hundreds of checks that need to be patched. Sometimes there is polymorphic code that cannot easily be found or noticed. There is no easy solution, each game requires very extensive work to solve. It is important to keep in mind protection is not often designed to be easy to solve.

Skill building advice:
- Using the MAME debugger on a simple processor like Z80 or 6502 to help understand how it works
- Write your own emulator for a simple processor, it will help you learn many important aspects of dedicated design computer systems
- Write a program in SH4 assembly that uses system peripherals
 
You must log in or register to reply here.
Back
Top