If you’ve been following recent news / various GIT commits then you might have noticed that we recent connected the dots between the encryption/compression schemes used on Naomi carts and those used on other Sega systems (ST-V, Model 2, Model 3) etc.
In many cases these were used as a simple protection (especially on Model 2 / 3 and Radiant Silvergun in STV) just writing some values, reading them back and comparing them against a string in the code (which is very easy to bypass) but the reality is that there is a chip performing rather complex decompression and decryption operations on the data written in order to get that result, and in some cases it was actually used properly!
It was discovered by ANY and others that many of these boards used a 315-5881 chip, we’d long suspected it could be the same scheme, but had never actually managed to make a firm connection. Software to extract data for analysis from a Naomi board already exists, and it turned out that by transplanting one of the chips from an ST-V cartridge onto a Naomi board we could use the existing extraction code and obtain a key thus confirming the chips were exactly the same thing just programmed with different keys.
The encryption implementation, as it turned out, was missing some important details, features that none of the Naomi games really used (multiple encrypted/compressed blocks in a stream with mid-stream headers, non-power of 2 sizes for compressed data etc.) furthermore our encryption implementation was incomplete, so Andreas needed to further study the data and fill in some gaps. I poked around with the multiple block side of things a little, and eventually we’ve ended up with this
previously both these graphics (the Tecmo logo and entire title screen) were displayed as garbage because they’re both compressed and encrypted. I do wonder if there aren’t still some flaws (the Tecmo logo looks rather rough) but it could be right (see next statement), and the title screen definitely looks fine. An interesting fact is that the game also checks a few values in the decompressed Tecmo logo and if they don’t match the expected return values then the game breaks in various ways, for example the ball / player movement.
If you’re curious, the Tecmo logo is a single compressed stream with one block of compressed data. The title screen is a single stream with 4 blocks of compressed data (one for each quarter of the screen)
Performance still isn’t great here (it’s a high resolution ST-V game, and our video rendering code is slow)
Astra Super Stars also benefited from this, previously we were handling the HUD layer by loading the HUD data from the Sega Saturn version as a fake ‘ROM’ file in the romset, with the decryption hooked up I was able to remove the fake rom, the resultant data from the decryption process is identical so there’s no visible change, just the knowledge that we’re no longer depending on data that wasn’t on the PCB. Astra Superstars was a bit of odd one really, for some reason the chip marked ‘315-5881 317-5040-COM’ was actually used by 3 games (the other 2 being ‘Shin Nihon Pro Wrestling Toukon Retsuden 4 Arcade Edition’ and ‘World Kicks’) meaning we already had a key from the previous work on Naomi.
Note, while this will help a number of ST-V games once we get the correct keys it WILL NOT help Decathlete because Decathlete uses an entirely different chip.
My next plan is to hook this up to Model 2 / Model 3 in MAME, it won’t really improve the MAME driver, but if we can extract / brute force an encryption key for Dirt Devils it should allow the SuperModel devs to fix the 2D layer (see here) if they decide to update the emulator again.