Not entirely FBA-related, but I figured I should do a status report.
I have been working on giving a bit back to the MAME project (since it has been so instrumental to FBA's growth).
The first game I worked on for MAME was Metal Slug X. It was the last official Neo-Geo game that was not properly emulated. The protection routines used by the game were patched out and the device was ignored -- it had been that way since it was added to MAME 0.35RC2 (June of 1999)!! After a great deal of disassembling 68k routines, I, for the most part, figured out that the game compares a 4kb block of data at address 0xdedd2 of the program rom to whatever the protection device returns, but it does this a single bit at a time. The protection device seems to also have two modes of operation. As a note to all rom hackers -- a great way to remove the protection without all the complicated patches is to simply set all data from 0xdedd2 - 0xdfdd1 to 0!
Next, I took a look at IGS' Lord of Gun. The protection for this game was fairly straightforward -- increment a counter and only return the proper value if the counter matches certain conditions.
After that, I looked at Data East's Caveman Ninja (Joe and Mac). The complicated parts of the protection routine were already figured out, so it took little effort to figure out the rest. The device basically acts like ram, but modifies the data written, often putting it in different addresses than it is written to, and even xoring or shifting the data. The inputs are also mapped to the protection device.
Next was SunA's Ultra Balloon. The protection for this game was very similar to Lord of Gun's. Basically take some data, check some conditions on it. If it matches, return the expected result. This one takes a data write from the game, and compares bit 4 to bit 5, and bit 0 to 1. The device will return 0, 1, 2, 3 depending on the result of this comparison.
Next I fixed a bug I introduced a while back in Knights of Valour's protection simulation. This resulted in the game crashing on level 6. It took me a while to play that far (even with cheats [Long game!]). It was simply a matter of comparing the old routines against the newer buggy one. I quickly noticed that the problem was with the routine that calculates where the background tile offset is. I simply had to use a SIGNED variable instead of an UNSIGNED variable, as this routine expects to be able to use negative numbers!
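The signed-versus-unsigned mistake described above, shown as an added C example; it is not the MAME or FBA routine, and the map dimensions, function names and sample values are assumptions made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAP_W     64                /* assumed map width in tiles */
#define MAP_TILES (MAP_W * 32)      /* assumed map size: 64 x 32 tiles */

/* Portable sign extension of a 16-bit word, as the 68k would treat it. */
static int32_t sext16(uint16_t v)
{
    return (v & 0x8000) ? (int32_t)v - 0x10000 : (int32_t)v;
}

/* Buggy variant: deltas held in unsigned variables, so -1 becomes 65535. */
static int32_t tile_offset_unsigned(int32_t base, uint16_t dx, uint16_t dy)
{
    uint32_t x = dx, y = dy;
    return base + (int32_t)(y * MAP_W + x);
}

/* Fixed variant: deltas are signed, so the offset can move backwards. */
static int32_t tile_offset_signed(int32_t base, uint16_t dx, uint16_t dy)
{
    int32_t x = sext16(dx), y = sext16(dy);
    return base + y * MAP_W + x;
}

/* A simulation can still reject offsets that fall outside the tile map. */
static int offset_in_map(int32_t off)
{
    return off >= 0 && off < MAP_TILES;
}

int main(void)
{
    int32_t base = 5 * MAP_W + 10;      /* constructed: row 5, column 10 */
    uint16_t dx = 0xFFFE, dy = 0xFFFF;  /* constructed: -2 columns, -1 row */
    int32_t bad = tile_offset_unsigned(base, dx, dy);
    int32_t good = tile_offset_signed(base, dx, dy);

    printf("unsigned: %ld in_map=%d\n", (long)bad, offset_in_map(bad));
    printf("signed:   %ld in_map=%d\n", (long)good, offset_in_map(good));
    return 0;
}
```

Both variants agree for positive deltas, which is why a bug like this can stay hidden until the game first writes a negative value.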
Street Fighter II': Champion Edition (Rainbow set 1, bootleg) and Street Fighter II': Champion Edition (Rainbow set 2, bootleg) have had rom patches for a long time (since they were added?). After a quick look it was pretty easy to see that the games were reading from an unmapped area, taking the resulting reads, doing some simple math with them, adding them to an address, and then jumping there. This means that I can't be sure about the values that my protection simulation is returning, but it works just fine.
Data East's Fighting Fantasy (bootleg with 68705) on dec0 hardware was my next target. It was just giving a black screen. After a quick glance, it was easy to see that it was using a completely wrong memory map (midres). After that change, I looked at what the game was doing -- looping over and over at a couple of addresses. One turned out to be the VBLANK. I added a memory handler to deal with that and the other was the bootleg checking where the vblank was in the non-bootleg. It seems that the bootleg didn't want it to be the vblank, and lastly that was reading from an unmapped address expecting some data otherwise it wouldn't read the coin inputs! I finally left it as far as I could get it. It needs someone to look at layer 3 -- this is normally written by the sub cpu, but this game doesn't have one and seems to write it elsewhere. I'm not sure about the data it uses though...
I also took a look at Puzzle & Action: Ichidant-R (Japan) (bootleg) on Sega's c2 (MD-based) hardware. This game had a very simple bootleg protection. It simply expected to read -0x0b (0xf5) from a single address. With that, I could remove the rom hack patch that was added to make it work.
Lastly I added a driver and decrypt routines for The King of Fighters '97 Oroshi Plus 2003 (bootleg). This was dumped by Smittdog and the Dumping Union. The C1 and C2 weren't dumped as they use some weird roms that Smitt didn't recognize. Not a big deal though -- JackC pointed out to me that the game seemed to be the same as kof97pla that is in FBA! After figuring out the decryption for the program roms, I verified that kof97pla was the same as kof97oro. This let me know that the Cx roms should match with the original kof97 ones. So I simply merged and scrambled them as they would be in the bootleg and the game worked perfectly!
tl;dr - I spent a lot of time working on things that your average MAME user is never going to notice.