Posted
hey aqua, can you try making a matrimelee V encrypter?

 

Well, yeah, soon as I got the values from that site iq_132 linked, I tried encrypting mslug5 and pim. Neither of them got crc matches though, probably because of some watermarks/patches again.

I.e., I could post an encrypted, but you won't get the crcs you're probably looking for. If anyone has both encrypted and decrypted, we can get a patch of the difference between the encrypted decrypted roms, and the plain encrypted roms (if that makes sense).

But isn't there no good dump of the matrimelee encrypted roms anyway?

 

Anyway aquasync there is still a set of V roms to work out and that's kof2003

Well I could probably do it, but I haven't seen any crcs (let alone a dump) for the encrypted vs. (granted I hadn't been looking).

Posted

not to be stubborn or anything but i wonder if these older set of decrypted V ROMs could do the trick (assuming you've only tried with the KDev ones)

 

v2d - 945F8831

v4d - 393C9A62

 

and before i forget, great work you had there man :D

Posted (edited)
Yup, those are the ones you want to use. Just byteswap the kawaks v2 and v4 and you should be able to get those.

 

I already tried it though. I got the right v2 (8mb), but not the right v1 (8mb) (which I'm assuming is watermarked)

 

Aqua, I would still be appreciative if you could post one of those encryption programs for matrim, mslug5, and samsho5 :)

Edited by iq_132
Posted (edited)

Ok, I uploaded the program. I get this output with my vs:

266-v1d.bin: 352b0a07

266-v2d.bin: 945f8831

266-v3d.bin: e8362fcc

266-v4d.bin: 393c9a62

266-v1.new: 86b6ef14

266-v2.new: d0f69eda

 

Which seem the same as yours. Are there newer ones than these then?

 

oops, forgot to add : http://up1.fastuploads.com/pim_venc.zip. If your crcs are different / you get the right encrypted ones, can you post your decrypted crcs..

Edited by aquasync
Posted (edited)

Thanks aqua :D

 

My crcs are all the same as yours.

 

*edit*

Here's fataku's neo-pcm2 source:

 

// © PLAYMORE 2002 20-09-2004
static void neo_pcm2_playmore_2002(int value)
{
    // value selects the game:
    // kof2002, matrimelee, mslug5 (pcb and mvs), samsho5, svcchaos (pcb and mvs), kof2003 (pcb and mvs), samsh5sp (mvs and aes)
    // {offset, xor address}
    unsigned int addrs[7][2]={
        {0x000000,0xA5000}, //kof2002
        {0xFFCE20,0x01000}, //matrimelee
        {0xFE2CF6,0x4E001}, //mslug5
        {0xFEB2C0,0x0A000}, //samsho5
        {0xFFAC28,0xC2000}, //svcchaos
        {0x000000,0x00000}, //kof2003
        {0xFFB440,0x02000}, //samsh5sp
    };
    // 8-byte data xor, indexed by the low 3 bits of the destination address
    unsigned int xordata[7][8]={
        {0xF9,0xE0,0x5D,0xF3,0xEA,0x92,0xBE,0xEF}, //kof2002
        {0xC4,0x83,0xA8,0x5F,0x21,0x27,0x64,0xAF}, //matrimelee
        {0xC3,0xFD,0x81,0xAC,0x6D,0xE7,0xBF,0x9E}, //mslug5
        {0xCB,0x29,0x7D,0x43,0xD2,0x3A,0xC2,0xB4}, //samsho5
        {0xC3,0xFD,0x81,0xAC,0x6D,0xE7,0xBF,0x9E}, //svcchaos
        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, //kof2003
        {0x4B,0xA4,0x63,0x46,0xF0,0x91,0xEA,0x62}, //samsh5sp
    };

    UINT8 *src = memory_region(REGION_SOUND1);
    UINT8 *buf = malloc(0x1000000);
    int i, j, d;

    if (buf == NULL)
        return; // no scratch copy, leave the region untouched

    memcpy(buf,src,0x1000000);
    for (i=0;i<0x1000000;i++){
        // destination address: bits 0 and 16 of i exchanged, then the xor address applied
        j=BITSWAP24(i,23,22,21,20,19,18,17,0,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,16);
        j=j^addrs[value][1];
        // source address: i plus the per-game offset, wrapped to 16 MB
        d=((i+addrs[value][0])&0xffffff);
        src[j]=buf[d]^xordata[value][j&0x7];
    }
    free(buf);
}

Edited by iq_132
Posted (edited)

Well all the values look the same, and it's the same algorithm (although using BITSWAP expects a whole lot of the compiler's optimizer if it is going to be as fast as just switching bits 16 and 1 directly).

What's interesting is that kof2003 is included, but then the values look to be placeholders.

 

---------------

 

I was trying to figure out why I can't get the real mslug5 vs. Encrypting gives me this:

268-v1d.bin: c3540e0d

268-v2d.bin: 077bd2f4

268-v3d.bin: 39b14567

268-v4d.bin: 969ff3b2

268-v1.new: e66e4f61

268-v2.new: 94b46260

 

And I'm expecting these:

268-v1.bin 33c6305c

268-v2.bin 1afb848e

 

 

I think the problem is my vs are bad. Sticking them together, they are

268-v1d.bin 0ab43275 8388608

268-v2d.bin 358b1419 8388608

 

When they should be,

268-v1d.bin 14848c5c

268-v2d.bin 696cce3b

 

 

Does anyone have/can make a patch between these v's?

Edited by aquasync
Posted
you have the original release decrypted V ROMs which were said to be bootlegs. here are the patches you need (for 2x8 MB vxd ROMs)

268_vxd_patch.zip

Posted (edited)
Aqua, I would still be appreciative if you could post one of those encryption programs for matrim, mslug5, and samsho5 :)

Sorry I didn't see that, sure, I think the only one missing is mslug5 right? Which I've got here somewhere...

http://up1.fastuploads.com/ms5_venc.zip

 

Maybe it'll work for me now with these new patches (thanks xeon).

 

That site has some useful info, I finally made the 2 encrypted svcchaos gfx roms, and it's possible to go between all the sets now (svcboot/svcplus <-> svcchaosa <-> svchaosnd <-> svchaos).

 

So, what we need now is for the m1 encryption to be figured out. Does anyone have any info on this, or have good pairs for a bunch of roms?

 

--

 

Actually scrap that program. I just realised the one I posted expects 4 vds, and that I'd left the address xor as 0x4e000 instead of 0x4e001, which I was testing. I'll post a proper one later.

 

I'm getting this at the moment:

268-v1d.bin: 14848c5c

268-v2d.bin: 696cce3b

268-v1.new: e4a934f9

268-v2.new: c40613ed

or changing the address xor to 4e000 (it just seemed strange to be the only one with any bits set <12)

268-v1.new: 529d9191

268-v2.new: e4485fd5

 

So it doesn't look good. Perhaps when someone gets a chance they can post a patch between the encrypted decrypted roms, and the normal ones.

Edited by aquasync
Posted

Ok, update on the matrimelee vs:

The first two bytes of pim's encrypted v1 (86b6ef14), were c4c4, ie the first byte of the data xor, ie they probably came from encrypting 2 0s.

This was the case with the svcchaos vs, where the first 2 (erroneous) bytes were c3c3. I first tried switching the 2 bytes of pim with ec29 (as per svcchaos), then with (perhaps more logically) eb23 (which is ec29 ^ c4 ^ c3). Still no luck. So I decided to go fishing :lol:. I had a program generate all 256 * 256 crcs for all 2 byte combinations, and lo and behold, for f018, I got a4f83690. (At this point I should probably note the typo of a4f83680 from iq_132's driver, that stressed me for a little while :( ).

So, perfect pim v's for all :).

 

The differences in encrypted and decrypted form:

 

--- 266-v1.bin 86b6ef14 800000

+++ 266-v1.bin a4f83690 800000

0 c4c4 f018

 

--- 266-v1d.bin 352b0a07 400000

+++ 266-v1d.bin 435f33cf 400000

21e0 00 34

+ffff 00 dc
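
The two-byte search described in the post above, as an added example (not aquasync's program): instead of recomputing the CRC for each of the 65,536 candidates, it uses the fact that CRC-32 is linear over XOR, so 18 passes over the file are enough. The sample buffer, its filler bytes and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Plain bitwise CRC-32 (reflected polynomial 0xEDB88320), the CRC quoted for ROM files. */
static uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Returns the wanted leading bytes as (byte0 << 8) | byte1, or -1 if no pair fits. */
static long find_first_two_bytes(const uint8_t *rom, size_t n, uint32_t target) {
    uint32_t effect[16], crc_zero, need;
    uint8_t *z = (n >= 2) ? calloc(n, 1) : NULL;
    if (!z) return -1;
    crc_zero = crc32_buf(z, n);
    for (int bit = 0; bit < 16; bit++) {          /* CRC change caused by each bit */
        z[bit >> 3] = (uint8_t)(1u << (bit & 7));
        effect[bit] = crc32_buf(z, n) ^ crc_zero;
        z[bit >> 3] = 0;
    }
    free(z);
    need = crc32_buf(rom, n) ^ target;            /* change the new bytes must cause */
    for (uint32_t delta = 0; delta < 0x10000; delta++) {
        uint32_t e = 0;
        for (int bit = 0; bit < 16; bit++)
            if (delta & (1u << bit)) e ^= effect[bit];
        if (e == need)                            /* low byte of delta patches byte 0 */
            return ((long)(rom[0] ^ (delta & 0xFF)) << 8) | (rom[1] ^ (delta >> 8));
    }
    return -1;
}

/* Constructed sample: 4 KiB of filler; the "good" copy starts f0 18, ours starts c4 c4. */
static long demo(void) {
    static uint8_t rom[4096];
    for (size_t i = 0; i < sizeof rom; i++) rom[i] = (uint8_t)(i * 37u + 11u);
    rom[0] = 0xF0; rom[1] = 0x18;
    uint32_t target = crc32_buf(rom, sizeof rom); /* CRC of the good copy */
    rom[0] = rom[1] = 0xC4;                       /* the copy we actually have */
    return find_first_two_bytes(rom, sizeof rom, target);
}

int main(void) { printf("%04lx\n", (unsigned long)demo()); return 0; }
```

Because a CRC-32 detects every change confined to 32 consecutive bits, at most one two-byte pair can match, which is also why a CRC match says nothing about deliberate modification elsewhere in a file.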

Posted

Nice stuff, aquasync !

 

266-v1d.bin CRC32 435f33cf's the right one unwatermarked. As U said there's only 2 diff. with V1d 352b0a07 :

 

0x21e0 00 34

 

0x121e0 00 DC
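
Tracing encrypted offsets 0 and 1 through the address arithmetic of the neo_pcm2 routine posted earlier, using its matrimelee table row, shows where those two bytes land in the decrypted data and which key byte covers them. This is an added example, not code from the thread; the struct and function names are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define ADDR_MASK 0xFFFFFFu   /* 16 MB region, as in the posted routine */

/* matrimelee row of the addrs[] and xordata[] tables posted in the thread */
typedef struct { uint32_t offset, addr_xor; uint8_t key[8]; } pcm2_params;
static const pcm2_params MATRIM = {
    0xFFCE20, 0x01000, {0xC4, 0x83, 0xA8, 0x5F, 0x21, 0x27, 0x64, 0xAF}
};

/* Exchange address bits 0 and 16, the two positions the BITSWAP24 call moves. */
static uint32_t swap_b0_b16(uint32_t a)
{
    uint32_t differ = ((a >> 16) ^ a) & 1u;      /* 1 when the two bits differ */
    return a ^ (differ | (differ << 16));
}

/* Encrypted offset d -> decrypted address j, following src[j] = buf[d] ^ key. */
static uint32_t enc_to_dec(const pcm2_params *p, uint32_t d)
{
    uint32_t i = (d - p->offset) & ADDR_MASK;    /* undo d = (i + offset) & mask */
    return swap_b0_b16(i) ^ p->addr_xor;
}

/* Decrypted address j -> encrypted offset d (the inverse mapping). */
static uint32_t dec_to_enc(const pcm2_params *p, uint32_t j)
{
    uint32_t i = swap_b0_b16(j ^ p->addr_xor);   /* the swap undoes itself */
    return (i + p->offset) & ADDR_MASK;
}

/* The data xor is keyed by the decrypted address and works in both directions. */
static uint8_t xor_byte(const pcm2_params *p, uint32_t j, uint8_t b)
{
    return (uint8_t)(b ^ p->key[j & 7]);
}

int main(void)
{
    for (uint32_t d = 0; d < 2; d++) {
        uint32_t j = enc_to_dec(&MATRIM, d);
        printf("enc %06x -> dec %06x (back: %06x), key byte %02x\n", (unsigned)d,
               (unsigned)j, (unsigned)dec_to_enc(&MATRIM, j),
               (unsigned)xor_byte(&MATRIM, j, 0x00));
    }
    return 0;
}
```

Offsets 0 and 1 map to 0x21e0 and 0x121e0 under key byte c4, and f0 ^ c4 = 34, 18 ^ c4 = dc, which agrees with the byte differences listed in the thread.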

Posted

Ok, I uploaded a fixed mslug5 encrypter (http://up1.fastuploads.com/ms5_venc2.zip). Included is a .bat file that will encrypt with 2 different methods, and make patches of the results against the real vs. (33c6305c & 1afb848e)

Ideally, one of the sets of patches should be quite small, and that will mean it was the right method, and those patches are the fixes/watermarks. If anyone has those roms, can they post the created patches plz.

Posted

Finally samsho5 encrypted V were already out :

 

Diff between encrypted 270-v1.bin : 7541763A > 62E434EB

 

$432000 : F1F6 > FBFF

$610042 : 0000 > FFF7

$618020 : 0000 > FFF7

 

Diff between encrypted 270-v2.bin : 4E6E7D98 > 180F3C9A

$410000 : FAB9 > FEBD
