naomi netboot roms

[fsckewe]

Well, this thread has been fully fucking derailed. I already typed this up so might as well post it....

For those playing along, here is SegaTetris.

I have a netbootable SegaTetris.bin I got from one of the mega links floating around on here. I'll be looking at that file and one concat'd from mame 0.198

Files used here:

$ md5sum SegaTetris.bin
3706724f7163d184d90fd13ab4c07b2c SegaTetris.bin

$ md5sum segatetris-mame.bin
fe1d5f7859adb60209d953afc9ee52e0 segatetris-mame.bin

:~/Desktop/segatetris/sgtetris$ ls -al
-rw-rw-r-- 1 2097152 Dec 24 1996 epr-22909.ic22
-rw-rw-r-- 1 8388608 Dec 24 1996 mpr-22910.ic1
-rw-rw-r-- 1 8388608 Dec 24 1996 mpr-22911.ic2
-rw-rw-r-- 1 8388608 Dec 24 1996 mpr-22912.ic3
-rw-rw-r-- 1 8388608 Dec 24 1996 mpr-22913.ic4
-rw-rw-r-- 1 8388608 Dec 24 1996 mpr-22914.ic5
-rw-rw-r-- 1 8388608 Dec 24 1996 mpr-22915.ic6

Making the mame bin:

$ cat epr-22909.ic22 > segatetris-mame.bin

$ dd if=/dev/zero bs=1 count=$((0x600000)) >> segatetris-mame.bin
6291456+0 records in
6291456+0 records out
6291456 bytes (6.3 MB, 6.0 MiB) copied, 9.39749 s, 669 kB/s

$ cat mpr-2291* >> segatetris-mame.bin

-rwxrwxrwx 1 58786226 Aug 29 2018 SegaTetris.bin
-rw-rw-r-- 1 58720256 Jun 2 13:45 segatetris-mame.bin

The bin created from mame as noted above(fe1d5f7859adb60209d953afc9ee52e0) does NOT netboot. The naomi system reboots to a black screen. The SegaTetris.bin (3706724f7163d184d90fd13ab4c07b2c) does successfully netboot. Using vbindiff, these are the first and notable deltas. (There is a large chunk of data at the end of the SegaTetris.bin and does not exist in mpr-22915.ic6. We will note that, but ignore it for now.)

So, two things are clearly NOP'd out and other instructions replaced. One can stuff these into https://onlinedisassembler.com/odaweb/ for a quick and dirty look at what the change in opcodes does.

08 43
FA 11

00 02
80 03

If you notice, this is very early in the bin....starting ~0x1310. I created the mame bin by copy epr, fill 0x600000 with /dev/zero, then copy the mpr's. A common technique is to just copy the epr X number of times to fill 0x800000. And that is what was done with SegaTetris.bin. But I noticed something. The change in bytes detailed above were not repeated the 4 times the epr would have been copied into the .bin. So let's look at the first two chunks of 0x200000 data.

$ dd if=SegaTetris.bin of=st1.bin bs=1 count=$((0x400000))
$ dd if=st1.bin of=st-first2.bin bs=1 count=$((0x200000))
$ dd if=st1.bin of=st-second2.bin bs=1 skip=$((0x200000)) count=$((0x200000))
$ vbindiff st-first2.bin st-second2.bin

The modification was performed in the first chunk of epr copied, but not the second. (the same holds true for 3rd and 4th chunks.)

So what do these modifications do?

$ sh4-linux-gnu-objdump -D -b binary -m sh -EL st-first2.bin | grep -B2 -A12 -w 131c

    1318: 31 d6        mov.l 0x13e0,r6 ! e476
    131a: 30 de        mov.l 0x13dc,r14 ! 3800000
    131c: 09 00        nop
    131e: e3 64        mov r14,r4
    1320: 32 d5        mov.l 0x13ec,r5 ! c400000
    1322: 33 d2        mov.l 0x13f0,r2 ! c0611fa
    1324: 13 97        mov.w 0x134e,r7 ! 1234
    1326: 30 d6        mov.l 0x13e8,r6 ! 101b2
    1328: 0b 42        jsr @r2
    132a: e3 64        mov r14,r4
    132c: 2d d3        mov.l 0x13e4,r3 ! c0642c4
    132e: d3 65        mov r13,r5
    1330: 2b d6        mov.l 0x13e0,r6 ! e476
    1332: 09 00        nop
    1334: e3 64        mov r14,r4

$ sh4-linux-gnu-objdump -D -b binary -m sh -EL sgtetris/epr-22909.ic22 | grep -B2 -A12 -w 131c

    1318: 31 d6        mov.l 0x13e0,r6 ! e476
    131a: 30 de        mov.l 0x13dc,r14 ! 2000000
    131c: 0b 43        jsr @r3
    131e: e3 64        mov r14,r4
    1320: 32 d5        mov.l 0x13ec,r5 ! c400000
    1322: 33 d2        mov.l 0x13f0,r2 ! c064308
    1324: 13 97        mov.w 0x134e,r7 ! 1234
    1326: 30 d6        mov.l 0x13e8,r6 ! 101b2
    1328: 0b 42        jsr @r2
    132a: e3 64        mov r14,r4
    132c: 2d d3        mov.l 0x13e4,r3 ! c0642c4
    132e: d3 65        mov r13,r5
    1330: 2b d6        mov.l 0x13e0,r6 ! e476
    1332: 0b 43        jsr @r3
    1334: e3 64        mov r14,r4

$ sh4-linux-gnu-objdump -D -b binary -m sh -EL st-first2.bin | grep -B2 -A12 -w 13dc

    13d8: 90 2f        mov.b r9,@r15
    13da: 02 0c        stc sr,r12
    13dc: 00 00        .word 0x0000
    13de: 80 03        .word 0x0380
    13e0: 76 e4        mov #118,r4
    13e2: 00 00        .word 0x0000
    13e4: c4 42        .word 0x42c4
    13e6: 06 0c        mov.l r0,@(r0,r12)
    13e8: b2 01        .word 0x01b2
    13ea: 01 00        .word 0x0001
    13ec: 00 00        .word 0x0000
    13ee: 40 0c        .word 0x0c40
    13f0: fa 11        mov.l r15,@(40,r1)
    13f2: 06 0c        mov.l r0,@(r0,r12)
    13f4: 00 10        mov.l r0,@(0,r0)

$ sh4-linux-gnu-objdump -D -b binary -m sh -EL sgtetris/epr-22909.ic22 | grep -B2 -A12 -w 13dc

    13d8: 90 2f        mov.b r9,@r15
    13da: 02 0c        stc sr,r12
    13dc: 00 00        .word 0x0000
    13de: 00 02        .word 0x0200
    13e0: 76 e4        mov #118,r4
    13e2: 00 00        .word 0x0000
    13e4: c4 42        .word 0x42c4
    13e6: 06 0c        mov.l r0,@(r0,r12)
    13e8: b2 01        .word 0x01b2
    13ea: 01 00        .word 0x0001
    13ec: 00 00        .word 0x0000
    13ee: 40 0c        .word 0x0c40
    13f0: 08 43        shll2 r3
    13f2: 06 0c        mov.l r0,@(r0,r12)
    13f4: 00 10        mov.l r0,@(0,r0)

Making these changes detailed above in (3706724f7163d184d90fd13ab4c07b2c) SegaTetris.bin to (fe1d5f7859adb60209d953afc9ee52e0) segatetris-mame.bin makes the later netboot'able.

Now to find out what is being modified and why. To be continued...

 

[brizzo]

And just like that, @Finisterre takes the path of being petty and putting himself into isolation to then cry and complain the only people who can answer his questions are being mean and withholding information.

I really don't understand it

 

[brizzo]

One can stuff these into onlinedisassembler.com/odaweb/ for a quick and dirty look at what the change in opcodes does.

Check out the program 'unidasm' that is included with MAME, if you're compiling from source use "make TOOLS=1 -j5"

 

[fsckewe]

looooooool... Let me guess, pissing on my parade isn't worth you time?

I don't see any reason why I would want to?

You wouldn't. Just trying to make light of the situation a little bit. It was getting a bit too stuffy in here That's all.

Perhaps I'm reading to much into it.

110% -- I spent a solid 15 minutes thinking of the best way to try and explain it. I look at my post as trying to be helpful, but some see it as condescending. Problem is I'm trying to summarize a topic that could span several books of my own words into a paragraph or two

This is well noted. I'm not asking for a dissertation. Just some bread crumbs to get me started.

One can stuff these into onlinedisassembler.com/odaweb/ for a quick and dirty look at what the change in opcodes does.

Check out the program 'unidasm' that is included with MAME, if you're compiling from source use "make TOOLS=1 -j5"

Much like the mention of mame debugger + IDA, tool sharing is also helpful. Thanks.

 

[Darksoft]

cool down period. This is derailing.

 

[Finisterre]

And just like that, @Finisterre takes the path of being petty... I really don't understand it

lol I was being petty? By pointing out that one of your attributes is being pompous? So your continual browbeating hasn’t been petty all along ? Ok Brizz. Glad @fsckewe is able to extract some venom from milking you snakes

Glad you always happy to double down Briz. Hope you having a nice day. And seriously thanks for sharing one iota of information it is really out of character for you.

 

[idc]

Maybe poking the wasps' nest isn't the best way to go about things if you don't want to get stung. Calm it down, please.

 

[mR_CaESaR]

https://mega.nz/#F!lg4TTIrL!Bs03RF6fYjoUg1YYUt70Dw
Is it OK for download ?

My ROMs folder is about 22Go, with all Naomi, Chihiro, Triforce and Atomiswave known ROMs. There's some duplicates, I have to purge my folder. No name changed.
Now I'm uploading, you have to wait for ROMs later in alphabetic order .
If you see something missing, just tell me and I'll add it.

Just wanted to say thanks for the link.

I'm in the process of trying to get a net dimm for netbooting so this is quite valuable.

Thanks.