David Haywood’s MAME(tm) WIP

Tirino73 dumped Tecmo’s ‘Back Fire’

The game has often been touted as a Japanese / Alternate version of ‘Silk Worm’, but really has very little in common. The code is completely different, and beyond sharing a few backgrounds the games can’t even be considered clones. The actual hardware is closer to Gemini Wing than Silk Worm (although appears to lack the MSM for sample playback). I should get the CPU Clocks verified too (the game has VERY heavy slowdowns) and ensure that the dipswitches are correct.

Other than that, with a few mods to the driver, it works.

Nothing to do with me, but Joerg Hartenberger added support for the final G-Net game “Otenami Haiken Final”.

Like “Otenami Haiken” it’s a collection of mini-games, although the ones here seem less interesting. It includes previous release ‘Zoooo’ renamed as ‘ZooKeeper’ which borders on blasphemous if you’re expecting / hoping it to be a remake of the Taito classic.

This was sold on a Compact Flash card rather than the usual Gnet cards, and requires the newer revision Bios. Joerg added support for these. There are emulation problems in MAME, but the games are playable if you’re lucky.

Now back to the usual schedule.

No news on the Kaneko front, the problems encountered previously (see comments in previous post) are still being analysed.

Using screenshots from the memory viewer I managed to decode some of the blocks (and hardcode the one I couldn’t fully understand the scrambling on).

This has allowed Shogun Warriors to progress further into the game. There are still MANY tables to extract tho.

Probably not the most interesting of photographs here, but an important one.

Dox hooked a memory viewer into the already modified code, and tested it on the real hardware. It’s interactive, and can be told to display whichever part of memory we’re interested in.

The protection device works by writing blocks of data to RAM, and then writing a pointer to the start of that block of data to a given address. Here we see the memory where one of the pointers is written. We’ve also verified that the data at this address (and various other addresses) is valid, but the camera batteries died (typical)

207fe0 is actually the first address set by the game for the data uploads, what’s interesting about this is that the memory being shown is not that of the first upload, but a later one, for the IRQ code. The same address is reused. Further study of the placement of the tables would seem to indicate that they’re uploaded after the previous one, and that there is a special command (with 0 length table) which resets the write address back to the initial value.

Some of the other data (not shown due to camera issue) also confirms that in addition to the known 0×40 byte decode tables on each block, there are also some bitswaps.

The next challenge will be charging the camera batteries.

The challenge after that will be comparing the data with the tables in the data rom, and figuring out the various bitswaps for the blocks of data we can see.

After that, we can try requesting different blocks, and doing the same. Each game has around 30 blocks of data that will need decoding, as stated before, the first target is Shogun Warriors, Brapboys will follow if that works.

So far.. all is good.

The first step to running tests on any PCB is to be able to get your own code running on the PCB. Some PCBs have active prevention against this (the MCUs / protection devices performing full rom checks, preventing modification for example). The good news is that the Kaneko board appears to have no such protection.

As I mentioned before, Shogun Warriors looks like an easier first case to emulate, and understand the CALC3 device with, so that’s where work will be focused. Of course, Dox didn’t have a Shogun Warriors board, only a B. Rap Boys one, and the alphanumeric sprite tiles are in a different place on both games. For this reason, it was necessary to modify the Shogun Warriors ROMs to work with the B.Rap Boys alphanumeric sprites and run that modified ROM on real hardware. Getting such a modified ROM to run on real hardware, in a stable state, was always going to be an important step in being able to test and understand this, so I was very glad when Dox sent me the following screenshot this afternoon.

It’s not much, but this is a slightly modified version of the Shogun Warriors program roms running on a B Rap Boys PCB, displaying the test menus using the graphics from the B Rap Boys ROMs.

is the same screen in MAME, interesting to see that the background colour is different, but not really important at this stage.

You can actually boot / run Shogun Warriors, but with the B.Rap Boys graphic roms it isn’t much to look at, but, it’s reassuring to know, as one of the possible avenues of investigation will be to put debug hooks in the code at various points

Dox will be throwing together a quick memory viewer application to run on the board, after which we’ll view some addresses and I’ll attempt to interpret some of the data returned. I can’t give an estimated time on this, but this is positive progress so far.