chankast and naomi

TheGuru

MAMEDev Dumper
steamover said:
so are you going to try with ROM games only or Naomi GDROM too?

Everyone who is concerned about GDROM emulation should forget about that.
The protection on the NAOMI hardware will prevent it for a long time. This is not a simple DC, it's much more complex than that, although mostly the hardware is similar.
It would be more productive if GDROM emulation was not brought up again. For now we'll concentrate on cart-based games. When we know more, everyone will be informed :)

Guru
 

steamover

Yeti & Snake Champion
Thanks for replying, Guru :)... I was interested in GDs because I read at system16 it uses a dongle key system... so that's why I asked about it.

Good luck with the dumping and thanks for everything.. I think you, Haze (good vacations!), Belmont, Nicola, smf and the other developers are doing a great job on MAME, ZiNc and now Naomist (lol)... these arcade machines will never be forgotten.
 

Nemesis

New member
I'm curious about this "serial ID". What precisely is it used for, and how is it verified? Couldn't it be faked or bypassed for testing purposes, or is it physically required (e.g., a decryption key or the like)?
 

TheGuru

MAMEDev Dumper
Nemesis said:
I'm curious about this "serial ID". What precisely is it used for, and how is it verified? Couldn't it be faked or bypassed for testing purposes, or is it physically required (e.g., a decryption key or the like)?

We're curious too, that's why we need to dump it.
Guessing is not an option.
You can guess if you want.....
Take the numbers 0 to 9 and the letters A to F (HEX constants)
Now combine them in pairs and lay out 128 pairs, where any pair can be any number from 00h to FFh and can be in any of the 128 locations.
Save the file (it will be 128 bytes long) and then try each file in the emulator. That should only take you about a year ;-)


Guru
 

Nemesis

New member
I understand the impossibility of bruteforcing it, but the fact is that the BIOS is making the check, right? It shouldn't be too hard to read through the piece of code responsible for checking the ID, and figure out how it's performing the check. If it's just a simple serial number, it'd be pretty easy to write a keygen of sorts just by taking a bit of time to analyse the code.
 

Evrain

The Forbidden One
Okay, since we started a "tech discussion", I join in:

1. Does the Board ID refer to the "A" board (NAOMI itself), or is it unique for each game ("B") cart?
2. Am I wrong, or are cart-based NAOMIs identified as Type D?
3. I like complicated stuff, so please don't hit me if I say this: I am sure donations for the adapter will come soon, however given the small size of the key why not script-generate (yes, I am a damn PHP coder :devil: ) the various possible files (a bunch at a time, of course!!!) and let Chanka test them? Even if that would need a hack to restart the emulator with the next key file each time the BIOS returns the error code shown in garrofi's pic.

I'm talking nonsense again....
Evrain
 
TheGuru

MAMEDev Dumper
Nemesis said:
I understand the impossibility of bruteforcing it, but the fact is that the BIOS is making the check, right? It shouldn't be too hard to read through the piece of code responsible for checking the ID, and figure out how it's performing the check. If it's just a simple serial number, it'd be pretty easy to write a keygen of sorts just by taking a bit of time to analyse the code.

Well, it might be possible to just hack the code and NOP out the bad bits we don't want. But that's not 'emulation'.
It could be more than a simple serial number, we don't know. Again, that's why we need to dump that EEPROM.

Guru
 

Nemesis

New member
I still think that a quick analysis of the BIOS itself would yield the answer.

Out of curiosity, what location is that chip mapped to in the memory space? What location in memory does it look to when it wants to read that ID?
 

Nemesis

New member
Wow, a lot of posts all at once there. I wasn't suggesting to hack out the protection (well, not as a long term fix anyway, but I'd do it just to see how much further the thing would go anyway out of curiosity), I was suggesting analysing it, so we have a better idea what the serial number actually is, and how it's verified. Best case, we can derive the original serial number back from the game itself, so we don't have to dump these chips at all (though that is unlikely).
 

TheGuru

MAMEDev Dumper
Evrain said:
Okay, since we started a "tech discussion", I join in:

1. Does the Board ID refer to the "A" board (NAOMI itself), or is it unique for each game ("B") cart?
2. Am I wrong, or are cart-based NAOMIs identified as Type D?
3. I like complicated stuff, so please don't hit me if I say this: I am sure donations for the adapter will come soon, however given the small size of the key why not script-generate (yes, I am a damn PHP coder :devil: ) the various possible files (a bunch at a time, of course!!!) and let Chanka test them? Even if that would need a hack to restart the emulator with the next key file each time the BIOS returns the error code shown in garrofi's pic.

I'm talking nonsense again....
Evrain

Each main board would likely have a unique serial number. As it's been suggested, it probably conforms to an algorithm. However note the EEPROM is 128 bytes long. The serial is at most 10 or 20 bytes, so what else it contains is unknown, and would probably be needed by the hardware checks.

There are no 'types'. It's a main board and a cart, that's all.

As I've already said, 'hacking' isn't emulation.

Guru
 

TheGuru

MAMEDev Dumper
Nemesis said:
Wow, a lot of posts all at once there. I wasn't suggesting to hack out the protection (well, not as a long term fix anyway, but I'd do it just to see how much further the thing would go anyway out of curiosity), I was suggesting analysing it, so we have a better idea what the serial number actually is, and how it's verified. Best case, we can derive the original serial number back from the game itself, so we don't have to dump these chips at all (though that is unlikely).

The problem is there are too many unknowns. If you look at how the ZN1 games in MAME were broken (http://unemulated.emuunlim.com/ZNx/index.html), we dumped a few security chips and then once we knew more we were able to brute force the remaining undumped chips. Without the initial dumps, that would simply not be possible.
Guessing with no clues is a waste of time.

Guru
 

TheGuru

MAMEDev Dumper
Evrain said:
You mean a decryption key based on the BOARD ID?
Evrain

No one mentioned anything about a decryption key. At least not for ROM-based carts. GDROMs do have a key, which is a small chip called a 'PIC'. But that's another puzzle for later.

Guru
 

Nemesis

New member
You know the RevC of SegaSonic Arcade? It was emulated a few months back, despite the fact that that little device which sat on the system bus, running god knows what piece of code, wasn't dumped. I cracked that protection, and I did it in 2 days. All that from reverse-engineering, with no idea of what data was actually on the cart. I cracked it from testing and observation. Hacking can be a tool which allows you to emulate something.
 

TheGuru

MAMEDev Dumper
Nemesis said:
You know the RevC of SegaSonic Arcade? I cracked that protection, and I did it in 2 days.

So hack the NAOMI protection then.
Anyway, this line of questioning is just wasting my time, let's move on!


Guru
 

Nemesis

New member
Hey, I'm up for it. Don't get me wrong, I'm not an egomaniac (though not always humble either), I'm just a guy with too much time on his hands who works at a project night and day until it's done. I'm more than willing to give the NAOMI protection a shot.
 
The Jedi

Banned
Only 100$? I thought it was more expensive.
I can make a personal donation of 50$ in July (I have already burnt all my monthly pay on Virtual Boy games), a complement of 50$ the next month and after all a public donation with special funds from my (emulation) website. We already did it with CAPS and SMS Power so it would be a pleasure to help an active and dynamic project.
 

Clessy

New member
Maybe it's just me, but wouldn't it be easier and much cheaper to do Atomiswave emulation next instead of Naomi?
Atomiswave is the exact same HD as the DC but with a different medium for games. Also it only runs around $400 vs the $1000 that a Naomi costs. It also doesn't have lock out or any advanced security means.
 
