The following statement came from Nicola Salmoria's "Mame Ramblings" site:
Snowball effect:
As you might already have seen on Haze's WIP, yesterday I succeeded in decrypting Gardia and Space Position.
This was an interesting case of pieces falling into place rapidly one after another.
The first piece was the decryption of Calorie Kun, thanks to a decrypted bootleg which was recently found. This didn't look like a particolarly interesting breakthrough at the moment: the encryption algorythm was already known, the key would have been difficult to find by hand but with the reference of the bootleg it could be derived automatically in a few minutes - just the time to write a program.
This renewed my interest in the remaining Sega encrypted games that use this algorithm, in particular Gardia. David Widel revealed that he had decrypted a portion of it months ago, but got stuck and put aside the results without publishing them. Believe it or not, he decrypted most of the code by comparing it with My Hero - even if that's a completely different game, it shares a lot of almost identical code with Gardia.
The data David provided was very useful to get started. Another really useful coincidence was that we have two sets of Gardia (one supposedly being a bootleg, but still encrypted). The two sets are different versions, with code shifted by a few bytes in places. This is an ideal situation when decrypting games that use simple algorithms like this one. When you have decrypted a portion of code in one set, you can use it to decrypt the same portion of code in the other set; but this way you also automatically decrypt some more code in the second set, which is still encrypted in the first set, so you can go back to the first set and decrypt even more code, and so on - you slowly build up the two keys in parallel.
While I was doing this, I rapidly noticed that the key used by the second set for opcodes was identical to the one used by the first set for data. Shortly afterwards, I also noticed that the key used by the second set for data was identical to the one used by the first set for opcodes - just shifted by one byte.
At that point I was on the lookout; I have to admit that I didn't notice it immediately, but eventually I discovered that the keys were actually the same as Calorie Kun, apart from the shift. When I found that, I just copied the whole Calorie Kun keys and I was almost finished - Gardia booted but had some problems. I just had to find a few more bytes at the end of the key to fix them.
Space Position was the easiest of all. At that point I was almost sure it would have used the same key. I checked some bytes of the partial key I had manually derived years ago, matched them with the known key, copied over the data with the appropriate shift, launched the game, and it was already working, on the first try - apart from the emulation issues which Haze later fixed.
This completes the decryption of all currently known Sega games using the "easy" Z80 encryptions. Unfortunately there are a few encrypted Z80 games left, using the suicide MC8123 CPU, which might be lost forever: all boards using the CPU seem to be dead, and the key is just about impossible to find without an hardware attack.1) Does the
BOLD part of the text above indicate that any game which uses the MC8123 CPU can not be found to have workable boards, so they will not be emulated correctly?
I tried to find a list of games which use the MC8123 CPU and found the following:
CPU # Status Game Notes
-------- --- ------------------------ ------------------
317-5012 Ganbare Chinsan Ooshoubu NEC MC-8123A
317-0014 DakkoChan Jansoh
317-0029 Block Gal NEC MC-8123B 651
317-0030 Perfect Billiard
317-0042 Opa Opa
317-0043 [3] Wonder Boy Monster Land
317-0054 [2] Shinobi (sound CPU) NEC MC-8123B 652
317-0057 Fantasy Zone 2
317-0064 [3] Ufo Senshi Yohko Chan
317-0066 [1] Altered Beast (sound CPU)
[3] Ninja Kid II (sound CPU)
[1] Complete, but some uncertain opcode tables above 8000
[2] Data complete for address 0000-7FFF, opcodes partial
[3] Partial tables derived by comparison with bootleg version
****************************************
2) Are the games listed above those which are considered to be "lost forever"?
Home
Help
Search
Login
Register
Send this topic
Print
Topic: Nicola Salmoria's "Mame Ramblings" question for you (Read 1857 times)
