Disussion avec Charles sur de futurs projet de hacking...
#1

Voici les quelques échanges que j'ai eu avec Charles MacDonald pour bosser sur un éventuel adaptateur ou d'éventuels sets pour toutes les plateformes SEGA à  base de Hitashi FD1094 (le FD1089 étant facilement hackable!)



...ayant évidemment leur pile HS...







1er Mail:



> - For FD1089, i have understand that it's possible to make a 68K working with a

> decrypted rom...Am i wrong ?



Yes. You need to replace the program ROMs with ROMs that are exactly

twice as large, and store the decrypted data in one half and decrypted

opcodes in the other. Then the high order address line is driven by

the FC1 pin of the 68000 (maybe you'd need a buffer or synchronize it

with the CPU clock, but it would be very simple to do)



This is because you can decrypt all of the game program at once, so

you don't need to 'simulate' the actual decryption that the FD1089

does.



> - For FD1094, it seem to be more harder (impossible?)...can i dream to make a

> decrypted rom set of super monaco working with a standrad 68K? why not trying

> to make a TTL adaptator branched on 68K DMA to "modify" what is need to be

> modified! (i'm good at electronic and TTL chip but your work is very "confused"

> du of his dificulty! )



In this case, the data that is extracted from the FD1094 is the key

used by the decryption hardware, so to make a FD1094 replacement, it

would have to implement the decryption logic itself.



The decryption is closely tied to the 68000 and could not be

implemented externally. You'd have to use a FPGA with a modified 68000

processor core. This would be a *lot* of work and AFAIK there are no

'free' 68000 cores (I've been doing some FPGA work recently, and may

try this at some point)



The main problem is that there are several ways that the same

encrypted program ROMs can be decrypted. This is affected by the game

code itself.



One method (I did this for Tetris) is to manually go through the

program and combine the different decrypted pieces of code together,

to make a single decrypted ROM that will work on a 68000.



You can never be 100% sure that you've put all the right pieces

together (in theory), however realistically all games do a few

encryption 'changes' during startup, and never change again. So it is

actually quite easy to identify this.



I was thinking of putting up a section at my webpage with some tools

and an explanation of how to do this, so people with a little 68000

knowledge could make patched ROM sets like this. Do you think that

would be useful?



> ...i think about make an adaptator switching the data bus bits correctly when

> it's needing! (or adress bus)

> ...Or does i need a little RAM chip to do another things? (your famous state bit

> for 1094?)



You'd need all that; plus some way to monitor which instructions are

executed (the RTE and CMPI.L instruction) which is nearly impossible

to do because of the prefetch queue. The decryption logic is closely

tied to the internal state of the 68000 which isn't possible to

determine from the outside - that's why I think the only solution

would be your own modified 68000 processor core, and the only way to

physically implement that would be on an FPGA.



> The best result for your work is to make a real hardware working without HITASHI

> and not "emulating" on computer (it's great and very kind for all guys who

> haven't got the luck to own a real machine to make the dream come true on MAME,

> but think about SEGA hardware golden area wich become to died )



Yeah, I have a dead Alien Storm board myself, and would like to get it

working someday. Smile



Regards,



-- Charles









2ème mail:







> - You mean FD is a real custom 68K (with his own opcodes???)...So the

> Program ROMs ares not "encrypted", there are FD68K designed Smile !!!???



Well, it's a regular 68000 but customized in the sense that some

instructions (RTE and CMPI.L #$imm32, d0), and the 68000's interrupt

management control some aspects of the decryption logic.



> - Why a custom 68K core for hacking dead hardware?



Because there would be no way through external circuitry to make a

68000 act like the FD1094 does.



> - ...for my poor level of computer designed, i know that an opcode is a

> logic group of data (so electricaly, a group of 16Bits binary state on the

> data bus of the CPU)...So why not filtering theses "custom" (???) opcodes

> with TTLs or GAL on a custom little PCBmounted on the 68K soket??? ...or a

> 2x 68K pcb with one making valid code for the other with little RAM and

> TTLs...(easy to say but it seem to be great !)...or directlly ROM patched

> with static walid code...(as i understand, it's more remake a complete game

> unlike patching Smile )



It would take a lot of logic, you'd have to monitor all data fetched

by the 68000 and somehow guess what it's doing to the prefetch queue

to know what data is discarded (e.g. after a branch) and what data was

actually used.



That's the core of the problem, just trying to figure out which

instructions are being executed. Because the 68000 reads several words

at once, it isn't possible to know.



> - ...a section on your web site to explain in detail how the FD work will be

> very necessary. A result of your good work "black on white" Wink ...



Ok, I'll work on that, at some point.



Regards,



-- Charles







...Un personnage vraiment sympa et doué qui plus est Wink

... It's a long way to the top if you wanna rock'n'roll ...
Répondre


Messages dans ce sujet
Disussion avec Charles sur de futurs projet de hacking... - par Jammaster - 01-08-2005, 11:48 AM
Disussion avec Charles sur de futurs projet de hacking... - par metal_chimiste - 01-08-2005, 12:11 PM
Disussion avec Charles sur de futurs projet de hacking... - par Jammaster - 01-08-2005, 12:15 PM
Disussion avec Charles sur de futurs projet de hacking... - par metal_chimiste - 01-08-2005, 12:17 PM
Disussion avec Charles sur de futurs projet de hacking... - par GluThecat - 01-27-2005, 12:07 PM
Disussion avec Charles sur de futurs projet de hacking... - par crebou - 01-27-2005, 12:49 PM

Atteindre :


Utilisateur(s) parcourant ce sujet : 1 visiteur(s)