CPS2 not much left to do
When I originally wrote the key searching program, that was on the assumption that the key for the second Feistel network was 96 bits long.
Each (E,D) pair reduces the key space by a factor of about 216, so to isolate the correct key with good confidence one would need at least 96/16 = 6 (E,D) pairs.
The big problem is finding those pairs. Remember that they must be at compatible addresses, that is addresses whose bottom 17 bits are the same. This is a serious limitation, because the code of several games only covers a range of 0x80000 bytes, which would give a maximum of 4 pairs at any address. For the Super Puzzle Fighter 2 games, the range is just 0x40000 bytes, giving just 2 pairs per address.
One can find hundreds, even thousands of of (E,D) pairs, but if they are not at compatible addresses they are of no use to find the key using this attack.
However, now we know that the key actually has only 64 significant bits, some of which are repeated. I therefore rewrote the program to take that into account. This means that only 4 (E,D) pairs are needed to isolate the key.
Also, I made several important optimisations that I missed the first time around, like caching intermediate results and speeding up the s-boxes calculations by using precalculated tables (this last optimisation also made into MAME so the decryption when loading a game is now faster).
The end result is a program that is orders of magnitude faster than the previous one.
Now it takes just 15 seconds to find the key given 8 (E,D) pairs. With 5 pairs, which was just plain impossible before, it takes 5 minutes. With 4 pairs, 35 minutes.
These improvement made it simple to find most of the remaining keys, even for games that didn't have a matching revision already decrypted (most notably some of the Steeet Fighter Zero versions).
But there's more: the program is now fast enough to go one step further, and look for the key with just 3 pairs. Of course 3 pairs are not enough to isolate the right key: they only reduce the key space by about 248, therefore leaving about 216 keys which are compatible with the data. Once a 64-bit key for the second Feistel network is selected, the compatible 64-bit master keys can then be easily generated, and used to verify other (E,D) pairs at different addresses. This allows to find the correct key in less than one day, and I had to use this extended attack for a couple of the most problematic games.
In the meantime, Andreas Naive has been busy implementing the attack he had described on his blog, and was able to find the keys for two of the Super Puzzle Fighter 2 games. Unfortunately, the attack failed on the third. Work is still in progress on that one, and there is some hope that the key will eventually be found.
The only other games that are missing a key are the two CPS2 versions of Mega Man. There is no decrypted CPS2 version of that game to compare with, and the CPS1 version seems to be too different to be able to find good pairs.
posted by Nicola Salmoria @ 1:06 PM
6 comments
6 Comments:
Egregio dott. Salmoria,
mi chiamo Oliver Broggini e sono un giornalista del Corriere del Ticino (quotidiano della Svizzera italiana). Sull'edizione cartacea di domani, pubblicheremo una mia intervista a Matteo Bittanti sul tema del Digital game canon (se le interessa, da domani potrò inviargliela in formato .pdf). Frugando per la rete, sono poi venuto a conoscenza del suo progetto Mame e di alcune delle incredibili peripezie che ne hanno permesso la realizzazione. Se le interessa, vorrei proporle un'intervista a tutto tondo sull'iniziativa: mi risponda all'indirizzo o.broggini@gmail.com
Egregio Dott. Salmoria,
sono un appassionato di Mame.
Sul vecchio computer che avevo avevo le versione mame32 da 0.60 alla 0.96 che giravano tutte bene (s.o. win98). Da 1 anno ormai ho un nuovo computer con winXP. Queste versioni su winXP non sono motlo stabili, spesso le roms vengono caricate ma non si vede il gioco (mentre con win98 si vedevano9, oppure mi va in crash il monitor, come devo fare? Scaricare una delle ultime versioni, o l'ultimissima mame32 0.119 potrebbe essere una soluzione?
Grazie per l'attenzione, ancora complimenti e lieto che l'inventore di questo emulatore che mi riporta indietro di 20 anni sia italiano come me. la mia e-mail è gioiallo@hotmail.com
Nicola> Just incase you didn't get my reply to your mail (03/12/07), Aaron says he DID reply to your original email, but it seems like your provider (and several others in Italy?) are silently blocking mail, including mail directly from him. Luca and Kale have reported a similar problem.
Nicola,
scusami se ti do del tu, ma vorrei chiederti gentilmente se sei disposto a rilasciare una interview a tempo perso per il sito di collezionisti più grande d'europa.
www.gamescollection.it
Siamo una comunità di persone adulte, con la passione del retrogaming alla sua massima potenza, e di sicuro siamo spendaccioni :D
Ti prego, se sei interessato, fammi sapere qualcosa a daniele.fiorentini@gmail.com
Ho provato ad usare il form su MameDev ma non c'è verso di mandarti una mail, questa rimane la mia ultima chanche.
Per l'interview, niente di che, poche domande sul fenomeno arcade, visto e considerato che ogni membro della community in casa ha tonnellate di robe arcade...quindi condividiamo la passione.
Grazie infinte, che Dio ti benedica.
Daniele
G'day!
Love this MAME stuff! I've been with you guys since the beginning!
If you're the person who deals with the Genpei ToumaDen ROMsets, then you should know that under the Dip Switches menu, the first Unknown option, when set to On, allows you to select your opening stage after the introduction.
Not much, but it's a little something in return for all the years of fun you've given us!
Hello Nicola!
I've found your blog using Google. Do you remember Amiga times?
I am a member of AROS development team (http://aros.org) and i'd like to ask you about MFS handler you wrote in 1995. Do you still have its source code somewhere? It would be very nice if you would allow us to use it as part of our system. Or at least tell us the alrogythm it uses.
Please contact me by email: sonic_amiga at rambler.ru
or:
pavel.fedin@gmail.com
Kind regards.
Post a Comment
<< Home