neopcm2

[aquasync]

Ok, I uploaded the program. I get this output with my vs:

266-v1d.bin: 352b0a07

266-v2d.bin: 945f8831

266-v3d.bin: e8362fcc

266-v4d.bin: 393c9a62

266-v1.new: 86b6ef14

266-v2.new: d0f69eda

 

Which seem the same as yours. Are there newer ones than these then?

 

oops, forgot to add : http://up1.fastuploads.com/pim_venc.zip. If your crcs are different / you get the right encrypted ones, can you post your decrypted crcs..

Edited November 30, 2004 by aquasync

[iq_132]

Thanks aqua

 

My crcs are all the same as yours.

 

*edit*

Here's fataku's neo-pcm2 source:

 

// © PLAYMORE 2002 20-09-2004
static void neo_pcm2_playmore_2002(int value)
{
       //kof2002,matrimelee,mslug5 (pcb and mvs),samsho5,svcchaos (pcb and mvs),kof2003 (pcb and mvs),samsh5sp (mvs and aes)
       //offset,xor address
       unsigned int addrs[7][2]={
                {0x000000,0xA5000}, //kof2002
                {0xFFCE20,0x01000}, //matrimelee
                {0xFE2CF6,0x4E001}, //mslug5
                {0xFEB2C0,0x0A000}, //samsho5
                {0xFFAC28,0xC2000}, //svcchaos
                {0x000000,0x00000}, //kof2003
                {0xFFB440,0x02000}, //samsh5sp
                };
       unsigned int xordata[7][8]={
                {0xF9,0xE0,0x5D,0xF3,0xEA,0x92,0xBE,0xEF}, //kof2002
                {0xC4,0x83,0xA8,0x5F,0x21,0x27,0x64,0xAF}, //matrimelee
                {0xC3,0xFD,0x81,0xAC,0x6D,0xE7,0xBF,0x9E}, //mslug5
                {0xCB,0x29,0x7D,0x43,0xD2,0x3A,0xC2,0xB4}, //samsho5
                {0xC3,0xFD,0x81,0xAC,0x6D,0xE7,0xBF,0x9E}, //svcchaos
                {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, //kof2003
                {0x4B,0xA4,0x63,0x46,0xF0,0x91,0xEA,0x62}, //samsh5sp
                };

UINT8 *src = memory_region(REGION_SOUND1);
UINT8 *buf = malloc(0x1000000);
int i, j, d;

       memcpy(buf,src,0x1000000);
       for (i=0;i<0x1000000;i++){
           j=BITSWAP24(i,23,22,21,20,19,18,17,0,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,16);
           j=j^addrs[value][1];
           d=((i+addrs[value][0])&0xffffff);
           src[j]=buf[d]^xordata[value][j&0x7];
       }
       free(buf);
}

Edited November 30, 2004 by iq_132

[aquasync]

Well all the values look the same, and its the same algorithm (although using BITSWAP expects a whole lot of the compiler's optimizer if it is going to be as fast as just switching bits 16 and 1 directly).

Whats interesting is that kof2003 is included, but then the values look to be placeholders.

 

---------------

 

I was trying to figure out why I can't get the real mslug5 vs. Encrypting gives me this:

268-v1d.bin: c3540e0d

268-v2d.bin: 077bd2f4

268-v3d.bin: 39b14567

268-v4d.bin: 969ff3b2

268-v1.new: e66e4f61

268-v2.new: 94b46260

 

And I'm expecting these:

268-v1.bin 33c6305c

268-v2.bin 1afb848e

 

 

I think the problem is my vs are bad. Sticking them together, they are

268-v1d.bin 0ab43275 8388608

268-v2d.bin 358b1419 8388608

 

When they should be,

268-v1d.bin 14848c5c

268-v2d.bin 696cce3b

 

 

Does anyone have/can make a patch between between these v's?

Edited December 1, 2004 by aquasync

[Xeon]

Well all the values look the same, and its the same algorithm (although using BITSWAP expects a whole lot of the compiler's optimizer if it is going to be as fast as just switching bits 16 and 1 directly).

Whats interesting is that kof2003 is included, but then the values look to be placeholders.

 

---------------

 

I was trying to figure out why I can't get the real mslug5 vs. Encrypting gives me this:

268-v1d.bin: c3540e0d

268-v2d.bin: 077bd2f4

268-v3d.bin: 39b14567

268-v4d.bin: 969ff3b2

268-v1.new: e66e4f61

268-v2.new: 94b46260

 

And I'm expecting these:

268-v1.bin 33c6305c

268-v2.bin 1afb848e

 

 

I think the problem is my vs are bad. Sticking them together, they are

268-v1d.bin  0ab43275 8388608

268-v2d.bin  358b1419 8388608

 

When they should be,

268-v1d.bin 14848c5c

268-v2d.bin 696cce3b

 

 

Does anyone have/can make a patch between between these v's?

<{POST_SNAPBACK}>

 

you have the original release decrypted V ROMs which were said to be bootlegs. heres are the patches you need (for 2x8 MB vxd ROMs)

268_vxd_patch.zip

[aquasync]

Aqua, I would still be appreciative if you could post one of those encryption programs for matrim, mslug5, and samsho5 smile.gif

Sorry I didn't see that, sure, I think the only one missing is mslug5 right? Which I've got here somewhere...

http://up1.fastuploads.com/ms5_venc.zip

 

Maybe it'll work for me now with these new patches (thanks xeon).

 

That site has some useful info, I finally made the 2 encrypted svcchaos gfx roms, and its possible to go between all the sets now (svcboot/svcplus <-> svcchaosa <-> svchaosnd <-> svchaos).

 

So, what we need now is for the m1 encryption to be figured out. Does anyone have any info on this, or have good pairs for a bunch of roms?

 

--

 

Actually scrap that program. I just realised the one i posted expects 4 vds, and that I'd left the address xor as 0x4e000 instead of 0x4e001, which I was testing. I'll post a proper one later.

 

I'm getting this at the moment:

268-v1d.bin: 14848c5c

268-v2d.bin: 696cce3b

268-v1.new: e4a934f9

268-v2.new: c40613ed

or changing the address xor to 4e000 (it just seemed strange to be the only one with any bits set <12)

268-v1.new: 529d9191

268-v2.new: e4485fd5

 

So it doesn't look good. Perhaps when someone gets a chance they can post a patch between the encrypted decrypted roms, and the normal ones.

Edited December 1, 2004 by aquasync

[aquasync]

Ok, update on the matrimelee vs:

The first two bytes of pim's encrypted v1 (86b6ef14), were c4c4, ie the first byte of the data xor, ie they probably came from encrypting 2 0s.

This was the case with the svcchaos vs, where the first 2 (erroneous) bytes were c3c3. I first tried switching the 2 bytes of pim with ec29 (as per svcchaos), then with (perhaps more logically) eb23 (which is ec29 ^ c4 ^ c3). Still no luck. So I decided to go fishing . I had a program generate all 256 * 256 crcs for all 2 byte combinations, and lo and behold, for f018, I got a4f83690. (At this point I should probably note the typo of a4f83680 from iq_132's driver, that stressed me for a little while ).

So, perfect pim v's for all .

 

The differences in encrypted and decrypted form:

 

--- 266-v1.bin 86b6ef14 800000

+++ 266-v1.bin a4f83690 800000

0 c4c4 f018

 

--- 266-v1d.bin 352b0a07 400000

+++ 266-v1d.bin 435f33cf 400000

21e0 00 34

+ffff 00 dc

[Mr.X]

Nice stuff, aquasync !

 

266-v1d.bin CRC32 435f33cf 's the right one unwatermarked. As U said there 's only 2 diff. with V1d 352b0a07 :

 

0x21e0 00 34

 

0x121e0 00 DC

[aquasync]

Ok, I uploaded a fixed mslug5 encrypter (http://up1.fastuploads.com/ms5_venc2.zip). Included is a.bat file that will encrypt with 2 different methods, and make patches of the results against the real vs. (33c6305c & 1afb848e)

Ideally, one of the sets of patches should be quite small, and that will mean it was the right method, and those patches are the fixes/watermarks. If anyone has those roms, can they post the crreated patches plz.

[neo04]

ok here are the patches created from venc1..

http://www.geocities.com/neomamepx/temp/ms5_venc1_patch.zip

[aquasync]

ok here are the patches created from venc1..

http://www.geocities.com/neomamepx/temp/ms5_venc1_patch.zip

<{POST_SNAPBACK}>

 

Thanks for making those, the unfortunate problem is that I'm an idiot .

The first patch is correct, but the second isn't, because the.bat should read like this "uips c v2_1.ips 268-v2.new 268-v2.bin", on the 3rd line. (It currently just creates the first patch again ).

[Mr.X]

Finally samsho5 encrypted V were already out :

 

Diff between encrypted 270-v1.bin : 7541763A > 62E434EB

 

$432000 : F1F6 > FBFF

$610042 : 0000 > FFF7

$618020 : 0000 > FFF7

 

Diff between encrypted 270-v2.bin : 4E6E7D98 > 180F3C9A

$410000 : FAB9 > FEBD