|
Vas WIP: decrypting Nihon System Omega
#363471 - 02/13/17 01:38 AM
|
|
|
|
gregf |
Ramtek's Trivia promoter
|
|
|
Reged: 09/21/03
|
Posts: 8612
|
Loc: southern CA, US
|
|
Send PM
|
|
|
Re: Vas WIP: decrypting Nihon System Omega
[Re: Vas Crabb]
#363473 - 02/13/17 03:14 AM
|
|
|
- ShouTime dumped the incredibly rare game Omega (Nihon System). It’s a ball-and-paddle game running on similar hardware to Sega’s Gigas. These games use an NEC MC-8123 CPU module containing a Z80 core, decryption circuitry, and an 8 KiB encryption key in battery-backed RAM.
This encryption scheme could have been brutal, requiring extensive analysis of a working CPU module to crack, if it weren’t for a fatal flaw: Sega used a simple linear congruential generator algorithm to create 8 KiB keys from 24-bit seeds. That means there are less than seventeen million encryption keys to test. Seventeen million might sound like a lot, but it’s far less than the total possible number of keys, and definitely small enough to apply a known plaintext attack in a reasonable amount of time. -
Amazing that the pcb is still running at this time. Lucked out in getting another pcb that uses the evil mc-8123 saved thanks to the earlier findings and work from years earlier by both Nicola and Dave.
-- src/mame/machine/mc8123.cpp
Additionally, Dave Widel has dumped some tables from a NEC MC-8123B and Nicola has made progress decrypting the first one. So we will require all NEC MC-8123B's also as well as the 1 remaining custom Z80 (to be sent to Dave Widel) Update: Nicola has cracked all of the custom Z80's and MC-8123 CPUs so we don't need them now. --
Counter Run is only game remaining from the src/mame/drivers/freekick.cpp file in which original pcb needs to be found (better if still in working condition). Fortunately the bootleg version of Counter Run is already supported in MAME, but it would be ideal if original version can be rescued/preserved.
Edited by gregf (02/20/18 10:35 PM)
|
|
|
|
Re: Vas WIP: decrypting Nihon System Omega
[Re: gregf]
#363476 - 02/13/17 04:16 AM
|
|
|
> > There are still 2 games from the src/mame/drivers/freekick.cpp file in which > original pcbs need to be found (better if still in working condition). Counter Run > and Gigas Mark II. I thought entries of these two would be on undumped Wiki, but not > yet even though the bootleg versions are already supported in MAME.
There is also Gigas MKIII, assuming it is not a typo for Gigas MKII. CAPS0ff has a chip from it.
|
|
|
|
Re: Vas WIP: decrypting Nihon System Omega
[Re: Diet Go Go Fan]
#363493 - 02/13/17 03:44 PM
|
|
|
> > > > There are still 2 games from the src/mame/drivers/freekick.cpp file in which > > original pcbs need to be found (better if still in working condition). Counter Run > > and Gigas Mark II. I thought entries of these two would be on undumped Wiki, but > not > > yet even though the bootleg versions are already supported in MAME. > > There is also Gigas MKIII, assuming it is not a typo for Gigas MKII. CAPS0ff has a > chip from it.
the chip Caps0ff has is almost certainly from the Oigas bootleg, there are no known original MCU protected Gigas sets, and no known 'Gigas MK III' however we do know that some bootlegs used their own protection (there's a protected Counter Run bootleg with 68705 too)
there's probably an undumped original Gigas MK II as the set we have is pre-decrypted with code / data split.
|
|
|