84 Users Online
|| E-Mail |
News from June 2007|
cycles of 'x' and squares of 'y' : CPS3 encryption cracked!
Monday, June 11th, 2007
from David Haywood's postings
once you applied the same mask to obtain the previous values, you found that the bits showed smaller cycles now, although no longer always with the characteristic of which second half of the cycle was just as first but invested. In addition, although the size of the cycles seemed ordered according to the order of the bits, the 4 first had the same length that last 4 and three of the bits (the number # 1, #4 # 5) showed a property (initially) amazing: in them was clear the effect of an operation XOR with certain bit of the direction (not the same one in the three cases).
Dox decided to hack around a bit with the driver, and found a way to skip some of the tests. As a result JoJo and JoJoba actually now execute some of the game code, rather than just the bios. They both hang after the Japan warning however. The code appears to be stuck in a big loop, dong not much at all.
Doing this properly is something of a pain in the backside due to the way MAME works. The games execute code from FlashROMs, however due to the way FlashROMs are accessed MAME must map them as Read/Write handlers in the driver, not blocks of RAM/ROM. MAME’s CPU cores don’t handle executing code from Read/Write handlers well, nevermind *encrypted* code (with the possibility of *decrypted* data) from such handlers. This is probably going to require some rather ugly hacking around.
etc etc etc, go find out more at the link and post your opinions in the forums, this is a great day for emulation!