Final Burn Neo > FBN Development

Fun with write handlers and memory mapping

(1/1)

iq_132:
Here's an implementation of the kof2002 px descramble that uses 0 bytes of ram to descramble.
I wouldn't suggest using this as your default driver, but it may be of interest to someone.


--- Code: ---
void __fastcall kof2002WriteWordBankswitch(unsigned int /*sekAddress*/, unsigned short wordValue)
{
unsigned int nBank[] = {
0x100000, 0x280000, 0x300000, 0x180000, 0x000000, 0x380000, 0x200000, 0x080000
};

if (wordValue != nNeo68KROMBank && wordValue < 4) {
nNeo68KROMBank = wordValue;
SekMapMemory(Neo68KROM + 0x100000 + nBank[wordValue * 2 + 0], 0x200000, 0x27FFFF, SM_ROM);
SekMapMemory(Neo68KROM + 0x100000 + nBank[wordValue * 2 + 1], 0x280000, 0x2FFFFF, SM_ROM);
}
}

static int kof2002Init()
{
int nRet;

nNeoTextROMSize = 0x080000;
nNeoProtectionXor = 0xEC;

nRet = NeoInit();

if (nRet == 0) {
// Install protection handler
SekMapHandler(5, 0x2FFFF0, 0x2FFFFF, SM_WRITE);
SekSetWriteWordHandler(5,  kof2002WriteWordBankswitch);

PCM2DecryptVInfo Info = { 0x0A5000, 0x000000, { 0xF9, 0xE0, 0x5D, 0xF3, 0xEA, 0x92, 0xBE, 0xEF } };

PCM2DecryptV(&Info);
}

return nRet;
}


--- End code ---

James33:
Wow thats cool  :biggrin:

iq_132:
The same can be done for samsho5 and samsh5sp


--- Code: ---
void __fastcall samsho5WriteWordBankswitch(unsigned int /*sekAddress*/, unsigned short wordValue)
{
unsigned int nBank[14] = {
0x700000, 0x680000, 0x500000, 0x180000, 0x200000, 0x480000, 0x300000,
0x780000, 0x600000, 0x280000, 0x100000, 0x580000, 0x400000, 0x380000
};

if (wordValue != nNeo68KROMBank && wordValue < 8)
{
nNeo68KROMBank = wordValue;
SekMapMemory(Neo68KROM + nBank[wordValue * 2 + 0], 0x200000, 0x27FFFF, SM_ROM);
SekMapMemory(Neo68KROM + nBank[wordValue * 2 + 1], 0x280000, 0x2FFFFF, SM_ROM);
}
}


SekMapHandler(5, 0x2FFFF0, 0x2FFFFF, SM_WRITE);
SekSetWriteWordHandler(5,  samsho5WriteWordBankswitch);


--- End code ---



--- Code: ---
void __fastcall samsh5spWriteWordBankswitch(unsigned int /*sekAddress*/, unsigned short wordValue)
{
unsigned int nBank[14] = {
0x500000, 0x480000, 0x600000, 0x580000, 0x700000, 0x280000, 0x100000, 
0x680000, 0x400000, 0x780000, 0x200000, 0x380000, 0x300000, 0x180000
};

if (wordValue != nNeo68KROMBank && wordValue < 8)
{
nNeo68KROMBank = wordValue;
SekMapMemory(Neo68KROM + nBank[wordValue * 2 + 0], 0x200000, 0x27FFFF, SM_ROM);
SekMapMemory(Neo68KROM + nBank[wordValue * 2 + 1], 0x280000, 0x2FFFFF, SM_ROM);
}
}


SekMapHandler(5,   0x2FFFF0, 0x2FFFFF, SM_WRITE);
SekSetWriteWordHandler(5,  samsh5spWriteWordBankswitch);


--- End code ---

FerchogtX:
Uhm... looks very interesting this... I hope that is certifyed that is a bank descrambling what is used on this games, because is very... weird that you can descramble a rom wih this XD... but maybe the real MVS work like that and NOT descrambling a ROM directly...

Anyway you gave me an idea... can this be done for patching the AES protection? for example sengoku 3? just wondering
See ya!!!!! :biggrin:

Shoometsu:
the code for kof2002 works on matrim too, thanks XD

Navigation

[0] Message Index

Go to full version