After hooking up the 315-5881 encryption/compression emulation to Model 3 I collected some data from Dirt Devils and sent it to Metallic in order for him to search for a key. He found one, and now the HUD graphics (text etc. on the screen) get correctly decrypted and decompressed – something which is currently lacking in the ‘SuperModel’ emulator. Here are some shots of Dirt Devils running in MAME with the text layer working.

As this is MAME, and this is a ‘modern’ 3D game it doesn’t really run too well on my hardware (although I’ve heard it’s not so bad on an i7) so fingers crossed this brings the SuperModel team back to life and they backport some of this work.

The other ST-V game that really, really needed a working decryption emulation was Touryuu Densetsu Elan-Doree / Elan Doree – Legend of Dragoon, where most of the textures were encrypted.

Metallic used the same approach he used to get the Final Fight Revenge key to obtain the key for Elan Doree as well as the ones for the other ST-V games (Steep Slope Sliders, Radiant Silvergun – both of which already had working simulations but now use proper emulation)

Again there are graphical issues and performance problems still, but that’s due to our Saturn / ST-V emulation, especially noticeable because this runs in a high resolution.

I also hooked up the encryption device to the Model 2 driver (Dynamite Cop) and Model 3 driver (Star Wars Trilogy) allowing our existing simulation code to be replaced there (it returns text strings, so the simulation was already returning the correct data, meaning no visible improvement, just more correct to hardware code)

Using the new knowledge (and ST-V hookup for the encryption) talked about in the previous post Metallic was able to brute force a key for Capcom’s “Final Fight Revenge” allowing it to boot.

It’s slow and glitchy (but no surprise, the Saturn version in MESS is too, so I don’t think the issues are caused by bad decryption) and definitely one of Capcom’s weaker efforts but it’s nice to finally have it running, it was previously the only ST-V game that didn’t boot at all because they encrypt the first few blocks of code meaning it couldn’t start up at all.

Hopefully we can improve the ST-V / Saturn emulation a bit sometime soon.

If you’ve been following recent news / various GIT commits then you might have noticed that we recent connected the dots between the encryption/compression schemes used on Naomi carts and those used on other Sega systems (ST-V, Model 2, Model 3) etc.

In many cases these were used as a simple protection (especially on Model 2 / 3 and Radiant Silvergun in STV) just writing some values, reading them back and comparing them against a string in the code (which is very easy to bypass) but the reality is that there is a chip performing rather complex decompression and decryption operations on the data written in order to get that result, and in some cases it was actually used properly!

It was discovered by ANY and others that many of these boards used a 315-5881 chip, we’d long suspected it could be the same scheme, but had never actually managed to make a firm connection. Software to extract data for analysis from a Naomi board already exists, and it turned out that by transplanting one of the chips from an ST-V cartridge onto a Naomi board we could use the existing extraction code and obtain a key thus confirming the chips were exactly the same thing just programmed with different keys.

The encryption implementation, as it turned out, was missing some important details, features that none of the Naomi games really used (multiple encrypted/compressed blocks in a stream with mid-stream headers, non-power of 2 sizes for compressed data etc.) furthermore our encryption implementation was incomplete, so Andreas needed to further study the data and fill in some gaps. I poked around with the multiple block side of things a little, and eventually we’ve ended up with this

previously both these graphics (the Tecmo logo and entire title screen) were displayed as garbage because they’re both compressed and encrypted. I do wonder if there aren’t still some flaws (the Tecmo logo looks rather rough) but it could be right (see next statement), and the title screen definitely looks fine. An interesting fact is that the game also checks a few values in the decompressed Tecmo logo and if they don’t match the expected return values then the game breaks in various ways, for example the ball / player movement.

If you’re curious, the Tecmo logo is a single compressed stream with one block of compressed data. The title screen is a single stream with 4 blocks of compressed data (one for each quarter of the screen)

Performance still isn’t great here (it’s a high resolution ST-V game, and our video rendering code is slow)

Astra Super Stars also benefited from this, previously we were handling the HUD layer by loading the HUD data from the Sega Saturn version as a fake ‘ROM’ file in the romset, with the decryption hooked up I was able to remove the fake rom, the resultant data from the decryption process is identical so there’s no visible change, just the knowledge that we’re no longer depending on data that wasn’t on the PCB. Astra Superstars was a bit of odd one really, for some reason the chip marked ‘315-5881 317-5040-COM’ was actually used by 3 games (the other 2 being ‘Shin Nihon Pro Wrestling Toukon Retsuden 4 Arcade Edition’ and ‘World Kicks’) meaning we already had a key from the previous work on Naomi.

Note, while this will help a number of ST-V games once we get the correct keys it WILL NOT help Decathlete because Decathlete uses an entirely different chip.

My next plan is to hook this up to Model 2 / Model 3 in MAME, it won’t really improve the MAME driver, but if we can extract / brute force an encryption key for Dirt Devils it should allow the SuperModel devs to fix the 2D layer (see here) if they decide to update the emulator again.

The supply of not-so-original Korean ‘originals’ has dried up in recent years but when system11 spotted the board for a game called ‘Come Back Toto’ for sale he couldn’t resist buying it.

The game, which attempts to pass itself off as an original 1996 title by ‘SoftClub’ is actually a reskin of Toaplan’s Snow Bros. He dumped it, I emulated it, there was some basic line swapping on all the roms, and a stupid ‘protection’ check (wanted a fixed value returned from a port Snow Bros doesn’t use) but overall getting it working wasn’t much of a challenge. Here are some side-by-side screenshots with Snow Bros.

As you can see all the sprites have been redrawn, the theme changed (you throw little ‘punch’ icons instead of snow), the levels redesigned, and (not visible from the screenshots) the music remixed a little, but it’s the same game running for the most part the same code (with numerous patches and bits added)

I do love it when these things turn up :-)

UME is the complete/combined version of the MAME / MESS project.

Official whatsnew texts for (MAME, MESS) provide full details of what has changed since 0.156.

This is the first release built since the official source repository was moved to GitHub, it is based on the official ‘mame0157’ tagged version.

UME 0.157 Windows binaries – 32-bit, 64-bit and all tools
(source matches official mamedev.org source distribution, here for completeness)

Other Binaries (if you don’t know what these are you don’t need them)
MAME/MESS split 0.157 Windows binaries – 32-bit, 64-bit and all tools

Points of Interest

0.157 is fairly light on the ‘new working games’ side of things, but there have been a couple of important revision fixes including a fix for the flickering sprites in ‘720’ that has plagued MAME since some rewrites a few years back.

In the MESS side there have been improvements to the recently added Gamate driver as well as many other changes to less well known systems – it’s definitely worth checking out the progress logs there.

End of 2014

2014 is now at an end as far as MAME/MESS/UME releases are concerned, and I’m going to finishg off the 2014 writeup over the next few weeks. In the meantime, what have been your favourite moments?