Merge pull request #2734 from DavidHaywood/201017

dump 2 new kov3 clones, redump existing v102 set.
This commit is contained in:
R. Belmont 2017-10-20 15:04:11 -04:00 committed by GitHub
commit 2093d2e7cb
2 changed files with 159 additions and 16 deletions

View File

@ -67,6 +67,9 @@ public:
DECLARE_DRIVER_INIT(orleg2);
DECLARE_DRIVER_INIT(ddpdojh);
DECLARE_DRIVER_INIT(kov3);
DECLARE_DRIVER_INIT(kov3_104);
DECLARE_DRIVER_INIT(kov3_102);
DECLARE_DRIVER_INIT(kov3_100);
virtual void machine_start() override;
virtual void machine_reset() override;
@ -74,13 +77,15 @@ public:
uint32_t screen_update_pgm2(screen_device &screen, bitmap_ind16 &bitmap, const rectangle &cliprect);
DECLARE_WRITE_LINE_MEMBER(screen_vblank_pgm2);
required_device<cpu_device> m_maincpu;
private:
void pgm_create_dummy_internal_arm_region();
void decrypt_kov3_module(uint32_t addrxor, uint16_t dataxor);
};
static ADDRESS_MAP_START( pgm2_map, AS_PROGRAM, 32, pgm2_state )
AM_RANGE(0x00000000, 0x00003fff) AM_ROM //AM_REGION("user1", 0x00000) // internal ROM
// these might be swapped
AM_RANGE(0x10000000, 0x107fffff) AM_ROM AM_MIRROR(0x0f800000) AM_REGION("user1", 0) // external ROM
AM_RANGE(0x20000000, 0x2007ffff) AM_RAM // main SRAM?
// This doesn't exist, it's just necessary because our stub IPL doesn't set SP
@ -166,6 +171,7 @@ static GFXDECODE_START( pgm2 )
GFXDECODE_END
void pgm2_state::pgm_create_dummy_internal_arm_region()
{
uint16_t *temp16 = (uint16_t *)memregion("maincpu")->base();
@ -194,6 +200,56 @@ void pgm2_state::pgm_create_dummy_internal_arm_region()
temp16[(base) / 2] = addr & 0xffff; base += 2;
temp16[(base) / 2] = (addr >> 16) & 0xffff; base += 2;
/* debug code to find jumps to the internal ROM and put jumps back to where we came from in the internal ROM space */
uint16_t *gamerom = (uint16_t *)memregion("user1")->base();
int gameromlen = memregion("user1")->bytes() / 2;
for (int i = 0;i < gameromlen - 3;i++)
{
uint16_t val1 = gamerom[i];
uint16_t val2 = gamerom[i + 1];
if ((val1 == 0xF004) && (val2 == 0xe51f))
{
uint16_t val3 = gamerom[i + 2];
uint16_t val4 = gamerom[i + 3];
uint32_t jump = (val4 << 16) | val3;
if (jump < 0x10000000) // jumps to internal ROM
{
logerror("internal ROM jump found at %08x (jump is %08x)", i * 2, jump);
if (jump & 1)
{
logerror(" (To THUMB)");
jump &= ~1;
// put a BX R14 there
temp16[(jump / 2)] = 0x4770;
}
else
{
// put a BX R14 there
temp16[(jump / 2)] = 0xFF1E;
temp16[(jump / 2) + 1] = 0xE12F;
}
logerror("\n");
}
else if (jump < 0x20000000) // jumps to RAM
{
logerror("RAM jump found at %08x (jump is %08x)", i * 2, jump);
if (jump & 1) logerror(" (To THUMB)");
logerror("\n");
}
else // anything else is to ROM
{
logerror("ROM jump found at %08x (jump is %08x)", i * 2, jump);
if (jump & 1) logerror(" (To THUMB)");
logerror("\n");
}
}
}
}
@ -408,18 +464,71 @@ ROM_START( ddpdojh )
ROM_LOAD16_WORD_SWAP( "ddpdoj_wave0.u12", 0x00000000, 0x1000000, CRC(2b71a324) SHA1(f69076cc561f40ca564d804bc7bd455066f8d77c) )
ROM_END
/*
The Kov3 Program rom is a module consisting of a NOR flash and a FPGA, this provides an extra layer of encryption on top of the usual
that is only unlocked when the correct sequence is recieved from the ARM MCU (IGS036)
Newer gambling games use the same modules.
*/
ROM_START( kov3 )
ROM_REGION( 0x04000, "maincpu", 0 )
ROM_LOAD( "kov3_igs036.rom", 0x00000000, 0x0004000, NO_DUMP )
ROM_REGION( 0x800000, "user1", 0 ) /* custom ROM module instead of regular ROMs, this might be incorrect - same module is used on newer gambling boards */
ROM_REGION( 0x800000, "user1", 0 )
ROM_LOAD( "kov3_v104cn_raw.bin", 0x00000000, 0x0800000, CRC(1b5cbd24) SHA1(6471d4842a08f404420dea2bd1c8b88798c80fd5) )
// this was an attempt to read the ROM module directly and could be bad
ROM_LOAD( "kov3_v102cn_direct.bin", 0x00000000, 0x0800000, CRC(2568cca4) SHA1(3f0e949bc0ae5d7ec0109f2748b30024dcd19ac4) )
// this was read with a logic analyser after booting, you can't however replace the module directly with this because some kind of
// additional check / communication with the module is done on startup resulting in the internal ROM refusing to boot it
ROM_LOAD( "kov3_v102cn.bin", 0x00000000, 0x0800000, CRC(1fcedff3) SHA1(522538510c5f94e8b1f641250c25a2a58962ca42) )
ROM_REGION( 0x200000, "tiles", ROMREGION_ERASEFF )
ROM_LOAD( "kov3_text.u1", 0x00000000, 0x0200000, CRC(198b52d6) SHA1(e4502abe7ba01053d16c02114f0c88a3f52f6f40) )
ROM_REGION( 0x2000000, "bgtile", 0 )
ROM_LOAD32_WORD( "kov3_bgl.u6", 0x00000000, 0x1000000, CRC(49a4c5bc) SHA1(26b7da91067bda196252520e9b4893361c2fc675) )
ROM_LOAD32_WORD( "kov3_bgh.u7", 0x00000002, 0x1000000, CRC(adc1aff1) SHA1(b10490f0dbef9905cdb064168c529f0b5a2b28b8) )
ROM_REGION( 0x4000000, "spritesa", 0 ) // 1bpp sprite mask data
ROM_LOAD32_WORD( "kov3_mapl0.u15", 0x00000000, 0x2000000, CRC(9e569bf7) SHA1(03d26e000e9d8e744546be9649628d2130f2ec4c) )
ROM_LOAD32_WORD( "kov3_maph0.u16", 0x00000002, 0x2000000, CRC(6f200ad8) SHA1(cd12c136d4f5d424bd7daeeacd5c4127beb3d565) )
ROM_REGION( 0x8000000, "spritesb", 0 ) // sprite colour data
ROM_LOAD32_WORD( "kov3_spa0.u17", 0x00000000, 0x4000000, CRC(3a1e58a9) SHA1(6ba251407c69ee62f7ea0baae91bc133acc70c6f) )
ROM_LOAD32_WORD( "kov3_spb0.u10", 0x00000002, 0x4000000, CRC(90396065) SHA1(01bf9f69d77a792d5b39afbba70fbfa098e194f1) )
ROM_REGION( 0x4000000, "ymz770", ROMREGION_ERASEFF ) /* ymz770 */
ROM_LOAD16_WORD_SWAP( "kov3_wave0.u13", 0x00000000, 0x4000000, CRC(aa639152) SHA1(2314c6bd05524525a31a2a4668a36a938b924ba4) )
ROM_END
ROM_START( kov3_102 )
ROM_REGION( 0x04000, "maincpu", 0 )
ROM_LOAD( "kov3_igs036.rom", 0x00000000, 0x0004000, NO_DUMP )
ROM_REGION( 0x800000, "user1", 0 )
ROM_LOAD( "kov3_v102cn_raw.bin", 0x00000000, 0x0800000, CRC(61d0dabd) SHA1(959b22ef4e342ca39c2386549ac7274f9d580ab8) )
ROM_REGION( 0x200000, "tiles", ROMREGION_ERASEFF )
ROM_LOAD( "kov3_text.u1", 0x00000000, 0x0200000, CRC(198b52d6) SHA1(e4502abe7ba01053d16c02114f0c88a3f52f6f40) )
ROM_REGION( 0x2000000, "bgtile", 0 )
ROM_LOAD32_WORD( "kov3_bgl.u6", 0x00000000, 0x1000000, CRC(49a4c5bc) SHA1(26b7da91067bda196252520e9b4893361c2fc675) )
ROM_LOAD32_WORD( "kov3_bgh.u7", 0x00000002, 0x1000000, CRC(adc1aff1) SHA1(b10490f0dbef9905cdb064168c529f0b5a2b28b8) )
ROM_REGION( 0x4000000, "spritesa", 0 ) // 1bpp sprite mask data
ROM_LOAD32_WORD( "kov3_mapl0.u15", 0x00000000, 0x2000000, CRC(9e569bf7) SHA1(03d26e000e9d8e744546be9649628d2130f2ec4c) )
ROM_LOAD32_WORD( "kov3_maph0.u16", 0x00000002, 0x2000000, CRC(6f200ad8) SHA1(cd12c136d4f5d424bd7daeeacd5c4127beb3d565) )
ROM_REGION( 0x8000000, "spritesb", 0 ) // sprite colour data
ROM_LOAD32_WORD( "kov3_spa0.u17", 0x00000000, 0x4000000, CRC(3a1e58a9) SHA1(6ba251407c69ee62f7ea0baae91bc133acc70c6f) )
ROM_LOAD32_WORD( "kov3_spb0.u10", 0x00000002, 0x4000000, CRC(90396065) SHA1(01bf9f69d77a792d5b39afbba70fbfa098e194f1) )
ROM_REGION( 0x4000000, "ymz770", ROMREGION_ERASEFF ) /* ymz770 */
ROM_LOAD16_WORD_SWAP( "kov3_wave0.u13", 0x00000000, 0x4000000, CRC(aa639152) SHA1(2314c6bd05524525a31a2a4668a36a938b924ba4) )
ROM_END
ROM_START( kov3_100 )
ROM_REGION( 0x04000, "maincpu", 0 )
ROM_LOAD( "kov3_igs036.rom", 0x00000000, 0x0004000, NO_DUMP )
ROM_REGION( 0x800000, "user1", 0 )
ROM_LOAD( "kov3_v100cn_raw.bin", 0x00000000, 0x0800000, CRC(93bca924) SHA1(ecaf2c4676eb3d9f5e4fdbd9388be41e51afa0e4) )
ROM_REGION( 0x200000, "tiles", ROMREGION_ERASEFF )
ROM_LOAD( "kov3_text.u1", 0x00000000, 0x0200000, CRC(198b52d6) SHA1(e4502abe7ba01053d16c02114f0c88a3f52f6f40) )
@ -543,23 +652,55 @@ DRIVER_INIT_MEMBER(pgm2_state,kov3)
pgm_create_dummy_internal_arm_region();
}
void pgm2_state::decrypt_kov3_module(uint32_t addrxor, uint16_t dataxor)
{
uint16_t *src = (uint16_t *)memregion("user1")->base();
uint32_t size = memregion("user1")->bytes();
std::vector<uint16_t> buffer(size/2);
for (int i = 0; i < size/2; i++)
buffer[i] = src[i^addrxor]^dataxor;
memcpy(src, &buffer[0], size);
}
DRIVER_INIT_MEMBER(pgm2_state, kov3_104)
{
decrypt_kov3_module(0x18ec71, 0xb89d);
DRIVER_INIT_CALL(kov3);
}
DRIVER_INIT_MEMBER(pgm2_state, kov3_102)
{
decrypt_kov3_module(0x021d37, 0x81d0);
DRIVER_INIT_CALL(kov3);
}
DRIVER_INIT_MEMBER(pgm2_state, kov3_100)
{
decrypt_kov3_module(0x3e8aa8, 0xc530);
DRIVER_INIT_CALL(kov3);
}
/* PGM2 */
GAME( 2007, orleg2, 0, pgm2, pgm2, pgm2_state, orleg2, ROT0, "IGS", "Oriental Legend 2 (V104, China)", MACHINE_IS_SKELETON )
GAME( 2007, orleg2o, orleg2, pgm2, pgm2, pgm2_state, orleg2, ROT0, "IGS", "Oriental Legend 2 (V103, China)", MACHINE_IS_SKELETON )
GAME( 2007, orleg2oa, orleg2, pgm2, pgm2, pgm2_state, orleg2, ROT0, "IGS", "Oriental Legend 2 (V101, China)", MACHINE_IS_SKELETON )
// should be earlier versions too.
// should be a V100 too
GAME( 2008, kov2nl, 0, pgm2, pgm2, pgm2_state, kov2nl, ROT0, "IGS", "Knights of Valour 2 New Legend (V302, China)", MACHINE_IS_SKELETON )
GAME( 2008, kov2nlo, kov2nl, pgm2, pgm2, pgm2_state, kov2nl, ROT0, "IGS", "Knights of Valour 2 New Legend (V301, China)", MACHINE_IS_SKELETON )
GAME( 2008, kov2nloa, kov2nl, pgm2, pgm2, pgm2_state, kov2nl, ROT0, "IGS", "Knights of Valour 2 New Legend (V300, Taiwan)", MACHINE_IS_SKELETON )
// should be earlier versions too.
GAME( 2010, ddpdojh, 0, pgm2, pgm2, pgm2_state, ddpdojh, ROT270, "IGS", "Dodonpachi Daioujou Tamashii (V201, China)", MACHINE_IS_SKELETON )
// should be earlier versions too.
// should be a V200 too
GAME( 2011, kov3, 0, pgm2, pgm2, pgm2_state, kov3, ROT0, "IGS", "Knights of Valour 3 (V102, China)", MACHINE_IS_SKELETON )
// should be earlier versions too.
GAME( 2011, kov3, 0, pgm2, pgm2, pgm2_state, kov3_104, ROT0, "IGS", "Knights of Valour 3 (V104, China)", MACHINE_IS_SKELETON )
GAME( 2011, kov3_102, kov3, pgm2, pgm2, pgm2_state, kov3_102, ROT0, "IGS", "Knights of Valour 3 (V102, China)", MACHINE_IS_SKELETON )
GAME( 2011, kov3_100, kov3, pgm2, pgm2, pgm2_state, kov3_100, ROT0, "IGS", "Knights of Valour 3 (V100, China)", MACHINE_IS_SKELETON )
// should be V103 and V101 at least
// The King of Fighters '98 - Ultimate Match - Hero
// Jigsaw World Arena

View File

@ -31186,6 +31186,8 @@ kov2nl // (c) 2008
kov2nlo //
kov2nloa //
kov3 //
kov3_102 //
kov3_100 //
orleg2 // (c) 2007
orleg2o //
orleg2oa //