It is now confirmed that the CPU is a 68000.
Thanks to the bootleg, I was able to figure out the decryption algorithm. It is quite straightforward, and it involves:
- Address scrambling. When the CPU wants to read a word from logical address N, it fetches it from ROM space at address N'. The scrambling of the address requires 16 conditional XORs with 16-bit values.
- Data bits permutation. After reading the word from ROM, the order of its bits is altered. There are 16 possible permutations; which one to use depends trivially on the logical address.
- Data XOR. After changing the bit order, the value is XORed with one of 16 other values. Which one to use depends trivially on the logical address.
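The three stages listed above, as an added example that is not the original author's code or MAME's: every table is a constructed stand-in and not a DE102 key, and the choice of which address bits select the permutation and the XOR is an assumption, since the post only says the selection depends trivially on the logical address.

```python
# Added illustration. All tables are CONSTRUCTED; they are not a DE102 key.
# ROM images are lists of 0x10000 16-bit words (one per 16-bit word address).
MASK = 0xFFFF

# Address stage: one 16-bit XOR value per logical address bit (16 conditional XORs).
# Constructed so entry i has bit i as its top bit, which keeps the map a bijection.
ADDR_XOR = [(1 << i) | ((0x5A3C * (i + 1)) & ((1 << i) - 1)) for i in range(16)]
# Data stage 1: 16 bit permutations; PERMS[k][b] is the source bit for output bit b.
PERMS = [[(b * (2 * k + 1) + k) % 16 for b in range(16)] for k in range(16)]
# Data stage 2: 16 XOR values.
DATA_XOR = [(0x9E37 * (k + 1)) & MASK for k in range(16)]


def scramble_address(n):
    """Logical word address N -> ROM word address N'."""
    src = 0
    for bit in range(16):
        if n & (1 << bit):
            src ^= ADDR_XOR[bit]
    return src


def select(n):
    """ASSUMPTION: address bits 4-7 pick the permutation, bits 0-3 pick the XOR."""
    return PERMS[(n >> 4) & 0xF], DATA_XOR[n & 0xF]


def permute(word, perm, inverse=False):
    """Reorder the bits of a 16-bit word; inverse=True undoes the reordering."""
    out = 0
    for b, s in enumerate(perm):
        src, dst = (b, s) if inverse else (s, b)
        out |= ((word >> src) & 1) << dst
    return out


def decrypt_rom(rom):
    """Fetch from the scrambled address, reorder the bits, then XOR."""
    plain = []
    for n in range(len(rom)):
        perm, xor = select(n)
        plain.append(permute(rom[scramble_address(n)], perm) ^ xor)
    return plain


def encrypt_rom(plain):
    """Inverse of decrypt_rom, used here only to build a constructed test image."""
    rom = [0] * len(plain)
    for n, word in enumerate(plain):
        perm, xor = select(n)
        rom[scramble_address(n)] = permute(word ^ xor, perm, inverse=True)
    return rom
```

Because each stage is keyed only by the logical address, swapping in different table contents changes the key without changing the algorithm, which matches the observation below that the other games share the scheme but not the key.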
While working on Pocket Gal Deluxe, I was hoping that the DE102 would use a fixed key, which would have meant free decryption of a few other games. Unfortunately, this turned out not to be the case. The algorithm surely is the same, but the key is different.
Determining the key without having a decrypted version to compare with is a lot more difficult, as you can imagine. Also, it seems that at least one of the other games encrypts data and opcodes differently, which makes things a lot more complicated.
In the coming days, I'll see if I can find a way to break the key somehow.
13 comments:
Just out of interest, what other games are known to use the DE102?
Ice
From Guru's site:
Unknown main CPU on Diet Go Go, Boogie Wings, Double Wings, Pocket Gal DX
Is there any common code that could be used between all of the games? Don't the 68k games have a program header / vector table that should be similar?
Good luck Nicola...
Good luck! Thank you for all your hard work on MAME
Amazing. Nicola is great.
Just out of curiosity; how are the bootleggers able to decrypt all these encrypted games? I mean, are the bootleggers that much cleverer than the mame devs? I really doubt they are... So is it down to resources? equipment? or other means like leaks from manufacturers? Pure luck? Or what?
If you have direct access to the PCB and good equipment, things are a lot easier, because you can see how the working version behaves.
99% of the time, mamedevs work without access to the hardware so they can't check anything.
GOOD LUCK! Nicola is in history.
99% of the time without the real board/hw? That ratio sounds pretty high to me since I'm sure many of them work with Guru to check and verify behavior of the boards in his possession, follow traces, voltages, logic I/O etc in addition to actually dumping the roms...
Does Mamedev not have any working DE102 originals? I think the bootleggers probably had better and more expensive equipment, time and motivation to do the job. It was their job after all, and the rewards were actual cash in their pockets.
Anyhow...
Right, because "following traces and voltages" is really relevant when it comes to emulating a game. Tell you what - buy yourself a clue as to how drivers are really developed, then c'mon back and play with the big boys.
Incidentally, the above post was directed towards the Anonymous post above the above post. I'd never slag off Nicola's work.
that I can say, is a great advance to which it comes to future, now a little difficult way comes, to try by the original ones
Following traces and voltages *is* really relevant when it comes to emulating a game.
Why don't you look at Nicola's post on how he fixed the great swordsman colors?
Why don't you look at some of the work that has been done recently with discrete hardware?
Devs get Guru to verify board behavior and check random things on the actual board more than you think!
I have a clue, kthx.