hshavoc.cpp: decapped PIC [Team Caps0ff]

src/mame/drivers/hshavoc.cpp

@@ -15,7 +15,7 @@ CPU
 1x MC68000P8 (main)(12c)
 1x Z8400B (sound)(1a)
 1x custom SEGA315-5660-FC1004 (QFP208)(5d)
-1x PIC16C57 (7a)
+1x PIC16C55 (7a)
 1x oscillator 53.6931MHz (osc1)
 
 ROMs
@@ -30,7 +30,7 @@ Note
 PCB markings:"DE-0407-2 MADE IN JAPAN"
 -----------------------------------
 
-Thanks to DOX, the "mistery chip" has been identified (and verified) as a PIC.
+Thanks to DOX, the "mystery chip" has been identified (and verified) as a PIC.
 Unfortunately it's read protected.
 
 */
@@ -98,22 +98,21 @@ INPUT_PORTS_END
 
 
 ROM_START( hshavoc )
-	ROM_REGION( 0x200000, "maincpu", 0 )
+	ROM_REGION( 0x100000, "maincpu", 0 )
 	ROM_LOAD16_BYTE( "d-25.11a", 0x000000, 0x080000, CRC(6a155060) SHA1(ecb47bd428786e50e300a062b5038f943419a389) )
 	ROM_LOAD16_BYTE( "d-26.9a",  0x000001, 0x080000, CRC(1afa84fe) SHA1(041296e0360b7747aedc2d948c39e06ba03a7d08) )
 
-	ROM_REGION( 0x200000, "user1", 0 ) // other
+	ROM_REGION( 0x400, "user1", 0 ) // other
 	ROM_LOAD( "peel18cv8s.4b.bin",  0x000, 0x155, CRC(b5fb1d5f) SHA1(f0ac80471d97f77f415b5a1f153e1fce66720963) )
 	ROM_LOAD( "peel18cv8s.5b.bin",  0x000, 0x155, CRC(efc7ceea) SHA1(1c31a56bc4b83bfa708048b7de4cee7a24537500) )
 
-	ROM_REGION( 0x200000, "user2", 0 ) // other
-	ROM_LOAD( "pic16c57",  0x00, 0x01, NO_DUMP ) // protected
+	ROM_REGION( 0x407, "user2", 0 )
+	ROM_LOAD( "pic16c55.bin",  0x000, 0x407, CRC(7163eb63) SHA1(d9c2cb7d24ce070d43597fabf012ebce47693954) ) // decapped
 ROM_END
 
 
 DRIVER_INIT_MEMBER(md_boot_state,hshavoc)
 {
-	int x;
 	uint16_t *src = (uint16_t *)memregion("maincpu")->base();
 
 	static const uint16_t typedat[16] = {
@@ -124,12 +123,12 @@ DRIVER_INIT_MEMBER(md_boot_state,hshavoc)
 	/* I think the PIC that exists on the PCB controls a state-based encryption... there is a large amount
 	   of code encrypted using the same encryption as the data, but all the startup-code + vectors use additional
 	   encryption.. maybe the PIC can also patch the code, I'm also concerned that we may decrypt it and find
-	   that it runs as the genesis (no insert coin etc.) version without the PIC, or the PIC supplies additonal
+	   that it runs as the Genesis (no insert coin etc.) version without the PIC, or the PIC supplies additional
 	   code in RAM.. but as of yet we can't know */
 
 	int rom_size = 0xe8000;
 
-	for (x = 0; x < rom_size / 2; x++)
+	for (int x = 0; x < rom_size / 2; x++)
 	{
 		src[x] = bitswap<16>(src[x],
 								7, 15,6, 14,
@@ -160,7 +159,7 @@ DRIVER_INIT_MEMBER(md_boot_state,hshavoc)
 	}
 
 	/* START e? from e80000 to end you need THIS ALONE to match the genesis rom */
-	for (x = rom_size / 2; x < 0x100000 / 2; x++)
+	for (int x = rom_size / 2; x < 0x100000 / 2; x++)
 	{
 		src[x] = bitswap<16>(src[x],
 								7, 15,6, 14,
@@ -188,7 +187,7 @@ DRIVER_INIT_MEMBER(md_boot_state,hshavoc)
 	   there are several blocks of code like this, all appear to end with a normal rts instruction
 	   tho...
 	   */
-	for (x = 0xc42 / 2; x < 0xc9a / 2; x++)
+	for (int x = 0xc42 / 2; x < 0xc9a / 2; x++)
 	{
 		src[x] ^= 0x0107; //? seems conditional..
 
@@ -223,4 +222,4 @@ DRIVER_INIT_MEMBER(md_boot_state,hshavoc)
 }
 
 
-GAME( 1993, hshavoc,   0,        md_bootleg, hshavoc, md_boot_state, hshavoc, ROT0, "Data East",                  "High Seas Havoc",MACHINE_NOT_WORKING )
+GAME( 1993, hshavoc, 0, md_bootleg, hshavoc, md_boot_state, hshavoc, ROT0, "Data East", "High Seas Havoc", MACHINE_NOT_WORKING )