neopcm2

[aquasync]

They beat me, damn it!

Whatever, I just want to see it be public knowledge. I'll have a look at their values, they seem to be all the same.

 

I just finished doing samsho5, and I'll post the info on the watermarks/patches below.

 

It was good practice, for doing other more complicated encryption, and I managed to do the last one without any program as a guide, so I'm getting better

 

------------------

 

the samsho5 decrypted vs:

270-v1d.bin 6849136c 4194304

270-v2d.bin 222e1774 4194304

270-v3d.bin cd9e7adc 4194304

270-v4d.bin 8b305cac 4194304

stuck together

270-v1d.bin e5c71699 8388608

270-v2d.bin 70b7083d 8388608

 

encrypting them gives these:

270-v1.new c8b2a192 8388608

270-v2.new 3a339e67 8388608

 

the encrypted vs:

270-v1.bin 7541763a 8388608

270-v2.bin 4e6e7d98 8388608

 

decrypting those gives:

270-v1d.new 01c97b40 8388608

270-v2d.new ee3063ff 8388608

 

and you can see the differences when encrypted:

--- 270-v1.bin 7541763a 800000

+++ 270-v1.new c8b2a192 800000

0 a0a6 2929

+f52be~100000 da09d7c3 8e8e8e8e

+3cd3f f1f6 fbff

+c32be db 8e

+fffff f8 8e

+1ad81 0000 fff7

+7fdc 0000 fff7

+dd29e 4b 8e

+fffff 49 8e

--- 270-v2.bin 4e6e7d98 800000

+++ 270-v2.new 3a339e67 800000

f52c0~100000 5b4ac3c8 088e8e8e

+1ad3f fab9 febd

+e52be~100000 518221c3 8e8e8e8e

 

or when decrypted:

--- 270-v1d.bin e5c71699 800000

+++ 270-v1d.tmp 01c97b40 800000

0 45 08

+ed40 00 89

+ffff 00 8f

+e12be~100000 45454545 11c21c08

+4cd3f 30 3a

+ffff 34 3d

+a32bf 45 10

+fffff 45 33

+26d5f 34 cb

+8021 82 7d

+7fdd 3c cb

+8021 8a 7d

+c127d 45 80

--- 270-v2d.bin 70b7083d 800000

+++ 270-v2d.tmp ee3063ff 800000

0~100000 45c3454545 8290810803

+2ed3f 35 31

+ffff 76 72

+c12bf 45 9a

+fffff 45 49

+fffff 45 ea

Edited November 30, 2004 by aquasync

[aquasync]

Interesting site, I should be able to properly encrypt my newer roms with some of that info.

 

For what its worth, here are the drivers I was working on (much the same, just less verbose):

 

////////////////////////////

 

// switch bits 16 and 1

#define swap_1_16(i) \

(i & ~0x10001) | \

(i & 1) << 16 | \

(i & 0x10000) >> 16 )

 

void neopcm2_decrypt(byte *data_xor, int addr_xor, int shift)

{

int i;

int v_size = memory_region_length(REGION_SOUND1);

UINT8 *sound = memory_region(REGION_SOUND1), *buf = malloc(v_size);

for (i = 0; i < v_size; i++)

buf[swap_1_16(i) ^ addr_xor] = sound[(i + v_size - shift) % v_size];

for (i = 0; i < v_size; i++)

sound = buf ^ data_xor[i & 7];

free(buf);

}

 

 

/*

known values:

samsh5sp:

data_xor 4ba46346f091ea62

addr_xor 2000

shift 4bc0

 

kof2002:

data_xor f9e05df3ea92beef

addr_xor a5000

shift 0

 

svcchaos:

data_xor c3fd81ac6de7bf9e

addr_xor c2000

shift 53d8

 

samsho5:

data_xor cb297d43d23ac2b4

addr_xor a000

shift 14d40

 

pim:

data_xor c483a85f212764af

addr_xor 1000

shift 31e0

 

mslug:

data_xor c3fd81ac6de7bc9e <= same as svcchaos

addr_xor 4e001

shift 1d30a

*/

 

DRIVER_INIT( samsh5sp )

{

...

UINT8 data_xor[] = {

0x4b, 0xa4, 0x63, 0x46, 0xf0, 0x91, 0xea, 0x62

};

neopcm2_decrypt(data_xor, 0x2000, 0x4bc0);

...

}

 

and so on and so forth, with the other values

 

 

// and the fairly straightforward reversal of the decryption, from neopcm2_tool

void neopcm2_encrypt(byte *data_xor, int addr_xor, int shift)

{

int i;

for (i = 0; i < v_size; i++)

buf = sound ^ data_xor[i & 7];

for (i = 0; i < v_size; i++)

sound[(i + v_size - shift) % v_size] = buf[swap_1_16(i) ^ addr_xor];

}

[Xeon]

hey aqua, can you try making a matrimelee V encrypter?

[iq_132]

However I thank aquasync for all the work he has done

I'd like to second that James Great work aqua

[Gryph]

Even though I didn't use it since I didn't know what the hell was going on, nice work on actually doing it. It's nice to see the scene alive.

[Agozer]

Even though I didn't use it since I didn't know what the hell was going on, nice work on actually doing it. It's nice to see the scene alive.

You didn't know what was going on?

 

Anyways, yes, it's nice to see that people still work with the Neo-Geo on some level or another. I don't use Encrypted sets or rom images, but I'm sure some people get their kicks out of it.

[James]

Even though I didn't use it since I didn't know what the hell was going on, nice work on actually doing it. It's nice to see the scene alive.

<{POST_SNAPBACK}>

You didn't know what was going on?

 

Anyways, yes, it's nice to see that people still work with the Neo-Geo on some level or another. I don't use Encrypted sets or rom images, but I'm sure some people get their kicks out of it.

<{POST_SNAPBACK}>

 

Since Mame FBA can handle encrypted sets and I rather use them. I am greatfull for any work and codes that will get the proper roms working in Mame , FBA

Gameplay is not the only thing about emulation.

 

 

Anyway aquasync there is still a set of V roms to work out and thats kof2003

Edited November 30, 2004 by James

[Agozer]

Even though I didn't use it since I didn't know what the hell was going on, nice work on actually doing it. It's nice to see the scene alive.

You didn't know what was going on?

 

Anyways, yes, it's nice to see that people still work with the Neo-Geo on some level or another. I don't use Encrypted sets or rom images, but I'm sure some people get their kicks out of it.

 

Since Mame FBA can handle encrypted sets and I rather use them. I am greatfull for any work and codes that will get the proper roms working in Mame , FBA

Gameplay is not the only thing about emulation.

Yes yes, I know. You are a passionate supporter of rigorously authentic emulation, right down to encryption routines. It's nice james, it really is.

 

I like authentic emulation too, and encourage it, but I've made an exception when it comes to Neo-Geo.

 

One of the other reason I don't use encrypted sets is that they usually take more space than decrypted ones (Like it matters when I have a 160GB HDD, but still; old habits die hard).

[aquasync]

hey aqua, can you try making a matrimelee V encrypter?

 

Well, yeah, soon as I got the values from that site iq_132 linked, I tried encrypting mslug5 and pim. Neither of them got crc matches though, probably because of some watermarks/patches again.

Ie, i could post an encrypted, but you won't get the crcs you're probably looking for. If anyone has both encrypted and decrypted, we can get a patch of the difference between the encrypted decrypted roms, and the plain encrypted roms (if that makes sense).

But isn't there no good dump of the matrimelee encrypted roms anyway?

 

Anyway aquasync there is still a set of V roms to work out and thats kof2003

Well I could probably do it, but I haven't seen any crcs (let alone a dump) for the encrypted vs. (granted I hadn't been looking).

[Xeon]

not to be stubborn or anything but i wonder if these older set of decrypted V ROMs could do the trick (assuming youve only tried with the KDev ones)

 

v2d - 945F8831

v4d - 393C9A62

 

and before i forget, great work you had there man

[iq_132]

not to be stubborn or anything but i wonder if these older set of decrypted V ROMs could do the trick (assuming youve only tried with the KDev ones)

 

v2d - 945F8831

v4d - 393C9A62

 

and before i forget, great work you had there man

 

 

Yup, those are the ones you want to use. Just byteswap the kawaks v2 and v4 and you should be able to get those.

 

I already tried it though. I got the right v2 (8mb), but not the right v1 (8mb) (which I'm assuming is watermarked)

 

Aqua, I would still be appreciative if you could post one of those encryption programs for matrim, mslug5, and samsho5

Edited November 30, 2004 by iq_132