Tuesday, August 23, 2011

Bios+Games ready to test

I finally found where the problem with the BIOS was, it's with a function called cps3_dma_callback which is a bypass to execute the DMAs as the original CPS3 does.

For those who don't know what a DMA is, basically it's a way of copying blocks of data without making them going through the processor and therefore leaving it availiable to make other things. Basically your code, needs to send some instructions to a controller (disk drive, hard disk, CD, etc) and tell them which sector(s) to copy into which region(s) of memory. This controller has Direct Memory Access (DMA) and copies the data without your processor noticing it. When the copying process is ready a flag or IRQ is triggered.

Anyway, Mame is a very complex emulator and it uses a trick to emulate the DMA properly (when a DMA is performed it should bypass the encryption).

I have tried the BIOS with SFIII NG and SFIII-3 and in both works like a charm.

I have now created a full set of the 6 games completely unprotected and a BIOS based on the BIOS of SFIII-3.

Notice that all this is based on the assumption that a suicided cartridge will execute unencripted code.

If this doesn't happen to be the case, my next shot will be to use a signal analyser to see what communication is really going on between CPU and BIOS in a suicided cartridge. If it's reading something probably it will execute something....

I ordered some working and non working cartridges and I'll try to flash the new BIOS in them. Can't wait to have them with me....

more news soon.

10 comments:

  1. If you need someone to test on a Euro (suicided) NG system let me know -_^

    Awesome work, looking forward to seeing how you get on!

    ReplyDelete
  2. Hi, actually we could try something.
    Do you have the tools to desolder, programm the flash rom and solder it again?

    ReplyDelete
  3. Actually yes I do :)

    If you need to contact me my email is retrorepair@yahoo.co.uk ;)

    ReplyDelete
  4. I am super pumped about this! Thank you for your research! Hopefully my dead CPS3 kits will be playable in the future!

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete
  6. Hey, can you make a Third Strike cd image that can be loaded using the Giant Attack cart? If so, I am in need of one. My 3S cart just suicided. I'd be willing to contribute to the cause, too!

    ReplyDelete
  7. I'd love to try it out as well if possible. I have a suicided Giant Attack cartridge and disc, along with a Willem programmer and a generic chinese USB EEPROM programmer. Please let me know if I can be of help.
    (heya undamned, small world :)

    ReplyDelete
  8. seeing so much effort put into this at last
    thank you for your hard time getting a solution to CPS3 failure :)

    ReplyDelete
  9. Great work ! a blogpost about more technical stuff (in a devel way) can be really cool too (Encryption loop / CRC / Post Boot etc) !

    Good luck !

    ReplyDelete