Re: [新聞] (WIP) David Haywood's Homepage

看板Emulator (模擬器)作者conpo (獅子たちの旗)時間9年前 (2016/01/05 11:54)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串56/78 (看更多)

2016.01.03 "Extreme Sensation Exploit!" I was staring to think we weren’t going to get any Snow this year, only rain, lots and lots of rain…. However, even if there’s no snow outside, I can present you with some snow for MAME, in this case the news that Gaelco’s SnowBoard Championship is a step closer to being emulated. Unlike most Gaelco games which used an evil Dallas protection device complete with suicide battery, SnowBoard Championship instead used a less complex device programmed to do some decryption tasks, and used as protection. The game was passing various things to the device, like text strings, sample numbers, and some directional direction used by the game, it expected correct data back in order for the game to run properly. Previously in MAME the game would display corrupt text, hang during attract mode, play incorrect samples and have completely broken controls. The operation of the device turned out to be simple, actually even less complex than I was first expecting. I’d already briefed Charles MacDonald (who purchased a PCB for running our tests) that the game writes 32-bits of data to an address, and reads 16-bits back from another address, and that it uses different pairs of addresses throughout execution, so naturally I was expecting the different addresses to use different encryption schemes, one of his first discoveries was that the address was completely irrelevant, done only to throw off anybody trying to understand it. With this knowledge he made a few mods to the hardware and software running on the board to collect the 16-bit results for all possible 32-bit writes the game could make, resulting in an 8GB table. I hooked this 8GB table up in MAME to verify the results and the game immediately started working. We still need to reduce the 8GB table to actual equations, Olivier plans on looking at this, but rest assured the game is now very close to being playable in a public build of MAME. (RAR compression manages to reduce the table to a 180MB file, there are clear patterns all over the place, so I doubt even that is especially complex) Here’s a video recorded from MAME, it’s recorded using the 2.1 parent set. https://www.youtube.com/watch?v=McnqJYJ-lIs&feature=player_embedded

Both the 2.1 and 2.0 sets use the same encryption, so here are some screenshots from the 2.0 set for anybody not wanting to watch the video. http://mamedev.emulab.it/haze/pics2016/snowboard_1.png

http://mamedev.emulab.it/haze/pics2016/snowboard_9.png

http://mamedev.emulab.it/haze/pics2016/snowboard_10.png

(其他截圖請至來源處瀏覽) 來源 http://mamedev.emulab.it/haze/ -- ポーラステーション http://perry0517a.blogspot.tw/ -- ※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 118.160.71.158 ※ 文章網址: https://www.ptt.cc/bbs/Emulator/M.1451966063.A.E09.html ※ 編輯: conpo (118.160.71.158), 01/05/2016 11:54:50