Tuesday, August 9, 2011

CRCs are history

I start debugging and getting into the program. I don't know the rest of debuggers out there, but at least in my case, debugging is like programming, in the sense that it takes some time to get into the program and be really productive, so you can't just work in sessions of half an hour.

A couple of days later (overnight which is when I usually can work more than 20 minutes without interrumptions)  I have found all the CRC checks.

There are a couple of interesting things in the CRC checks.
First is that there are several CRC checks and they go in blocks. Files 30 and 31 have a common CRC so I just need to modify the 31 and the test will go OK for files 30 and 31. The same goes for 40 and 41, 50 and 51 as well as 60 and 61(4 checks in total in the longest game)

Secondi is that files 10 and 20 have an independent CRC so I should change the CRC both in files 10 and 20.
Another interesting thing is that there are only 6 types of cartridges. If the key is the same, the CRC check is the same. The BIOS may change, but the keys and the CRC are the same independently of country and revision.

After that I have modified my c program and now I just enter the input version and the output cartridge and I get all files re-encrypted and with the right CRC. The ISO modifying process is still manual though.

I have done several tests like Warzard/Red Earth running on SFIII New Gen Cartridge or JOJO Bizarre adventure running in SFIII-3 cartridge. I have done many more tests in MAME which work OK but only those two in the real thing.

I have ordered several memories to enlarge my SFIII Newgen board and I'll convert all 6 games for this cartridge which is one of the earliest. This will eventually proof that games can independently of the cartridge model.

In the meanwhile, I'm creating an unencrypted BIOS that will skip all the CRC and CD Checks so that will accept any CD and any CRC Check. If I manage to get this BIOS without encryption(I don't mean with the keys to 0's but just unencrypted) running on a recompiled version of MAME we will be very close to a phoenix cartridge. I'm about to order a socket for the 29F400 so I can reprogramm it many times without the hassle of soldering. If someone has some tips about how to make many tests on a 29f400 eprom please advice.

Expect more news sometime soon.

7 comments:

  1. You're progressing really well! I can't wait to upgrade my asian 3rd strike to jap 3rd strike. Thank you for your hard work.

    ReplyDelete
  2. Sounds like if you are fitting a socket that'll be the quickest way to reprogram the bios.

    Would be good to get my NG working again. It's odd because the battery is still reading 3.6v but the screen is just garbage :(

    ReplyDelete
  3. great news, thanks for the hard work and for sharing !

    ReplyDelete
  4. Wow great work once you update your cps3 board for 3rd strike show off some color edits from here.

    http://ensabahnur.free.fr/ModifiedPalettesDBNew/index.php

    or i can send a edited 50/51 file for another game if 3s isn't for you.

    ReplyDelete
  5. @RetroRepair, even if the battery is OK, any small shortcut can stop the power supply to the processor which is holding the keys and they will be erased.

    @jedpossum, I assume you already tried to edit an ISO with your 50/51 files and you got the CRC error check, right?

    ReplyDelete
  6. I don't have a cd version of any board to test it.

    Also here is the Regions if you plan on changing them.

    0x#0 = X X X X X (Develop)If your game supports it
    0x#1 = Japan
    0x#2 = Asia
    0x#3 = Euro
    0x#4 = USA
    0x#5 = Hispanic
    0x#6 = Brazil
    0x#7 = Oceania
    0x#8 = Korea

    Most of these regions will work on Jojo's. Widescreen for sf3.
    0x0# = Standard
    0x1# = no CD
    0x2# = Character Check
    0x3# = Publicity
    0x4# = Location Test
    0x5# = Show
    0x6# = Debug
    0x7# = Development
    0x8# = Inspection (or the start of Widescreen for some games)

    ReplyDelete
  7. I don't have a cd version board to test with.
    Not sure if you know the regions but here
    0x#0 blank(sometimes has dev options)
    0x#1 Japan
    0x#2 Asia
    0x#3 Euro
    0x#4 USA
    0x#5 Hispanic
    0x#6 Brazil
    0x#7 Oceania
    0x#8 Korea

    Versions share the same byte as region.
    0x1# no CD
    0x7# Development (Jojo's only)
    0x8# Widescreen (sf3 only)

    ReplyDelete