/* this function checks the cache to see if the current state is cached, if it is then it copies the cached data to the user region where code is executed from, if its not cached then it gets decrypted to the current cache position using the functions in s24_fd1094.c */ static void s24_fd1094_setstate_and_decrypt(running_machine *machine, int state) { int i; UINT32 addr; switch (state & 0x300) { case 0x000: case FD1094_STATE_RESET: fd1094_selected_state = state & 0xff; break; } fd1094_state = state; cpu_set_reg(cputag_get_cpu(machine, "sub"), M68K_PREF_ADDR, 0x0010); // force a flush of the prefetch cache /* set the s24_fd1094 state ready to decrypt.. */ state = fd1094_set_state(s24_fd1094_key,state) & 0xff; /* first check the cache, if its cached we don't need to decrypt it, just copy */ for (i = 0; i < S16_NUMCACHE; i++) { if (fd1094_cached_states[i] == state) { /* copy cached state */ s24_fd1094_userregion = s24_fd1094_cacheregion[i]; memory_set_decrypted_region(cputag_get_address_space(machine, "sub", ADDRESS_SPACE_PROGRAM), 0, s24_fd1094_cpuregionsize - 1, s24_fd1094_userregion); m68k_set_encrypted_opcode_range(cputag_get_cpu(machine, "sub"), 0, s24_fd1094_cpuregionsize); return; } } // mame_printf_debug("new state %04x\n",state); /* mark it as cached (because it will be once we decrypt it) */ fd1094_cached_states[fd1094_current_cacheposition] = state; for (addr = 0; addr < s24_fd1094_cpuregionsize / 2; addr++) { UINT16 dat; dat = fd1094_decode(addr, s24_fd1094_cpuregion[addr], s24_fd1094_key, 0); s24_fd1094_cacheregion[fd1094_current_cacheposition][addr] = dat; } /* copy newly decrypted data to user region */ s24_fd1094_userregion = s24_fd1094_cacheregion[fd1094_current_cacheposition]; memory_set_decrypted_region(cputag_get_address_space(machine, "sub", ADDRESS_SPACE_PROGRAM), 0, s24_fd1094_cpuregionsize - 1, s24_fd1094_userregion); m68k_set_encrypted_opcode_range(cputag_get_cpu(machine, "sub"), 0, s24_fd1094_cpuregionsize); fd1094_current_cacheposition++; if (fd1094_current_cacheposition >= S16_NUMCACHE) { mame_printf_debug("out of cache, performance may suffer, incrase S16_NUMCACHE!\n"); fd1094_current_cacheposition = 0; } }
/* this function checks the cache to see if the current state is cached, if it is then it copies the cached data to the user region where code is executed from, if its not cached then it gets decrypted to the current cache position using the functions in s24_fd1094.c */ static void s24_fd1094_setstate_and_decrypt(int state) { int i; UINT32 addr; cpunum_set_info_int(1, CPUINFO_INT_REGISTER + M68K_PREF_ADDR, 0x0010); // force a flush of the prefetch cache /* set the s24_fd1094 state ready to decrypt.. */ state = fd1094_set_state(s24_fd1094_key,state) & 0xff; /* first check the cache, if its cached we don't need to decrypt it, just copy */ for (i=0;i<S16_NUMCACHE;i++) { if (fd1094_cached_states[i] == state) { /* copy cached state */ s24_fd1094_userregion=s24_fd1094_cacheregion[i]; memory_set_decrypted_region(1, 0, s24_fd1094_cpuregionsize - 1, s24_fd1094_userregion); m68k_set_encrypted_opcode_range(1,0,s24_fd1094_cpuregionsize); return; } } // mame_printf_debug("new state %04x\n",state); /* mark it as cached (because it will be once we decrypt it) */ fd1094_cached_states[fd1094_current_cacheposition]=state; for (addr=0;addr<s24_fd1094_cpuregionsize/2;addr++) { UINT16 dat; dat = fd1094_decode(addr,s24_fd1094_cpuregion[addr],s24_fd1094_key,0); s24_fd1094_cacheregion[fd1094_current_cacheposition][addr]=dat; } /* copy newly decrypted data to user region */ s24_fd1094_userregion=s24_fd1094_cacheregion[fd1094_current_cacheposition]; memory_set_decrypted_region(1, 0, s24_fd1094_cpuregionsize - 1, s24_fd1094_userregion); m68k_set_encrypted_opcode_range(1,0,s24_fd1094_cpuregionsize); fd1094_current_cacheposition++; if (fd1094_current_cacheposition>=S16_NUMCACHE) { mame_printf_debug("out of cache, performance may suffer, incrase S16_NUMCACHE!\n"); fd1094_current_cacheposition=0; } }
void nec_v25_cpu_decrypt(void) { int i; unsigned char *rom = memory_region(REGION_CPU3); UINT8* decrypted = auto_malloc(0x100000); UINT8* temp = malloc_or_die(0x100000); // set CPU3 opcode base memory_set_decrypted_region(2, 0x00000, 0xfffff, decrypted); // make copy of ROM so original can be overwritten memcpy(temp, rom, 0x10000); for(i = 0; i < 0x10000; i++) { int j = BITSWAP16(i, 14, 11, 15, 12, 13, 4, 3, 7, 5, 10, 2, 8, 9, 6, 1, 0); // normal ROM data with address swap undone rom[i] = temp[j]; // decryped opcodes with address swap undone decrypted[i] = ga2_v25_opcode_table[ temp[j] ]; } memcpy(rom+0xf0000, rom, 0x10000); memcpy(decrypted+0xf0000, decrypted, 0x10000); free(temp); }
void irem_cpu_decrypt(int cpu,const UINT8 *decryption_table) { int A,size; UINT8 *rom; /* int t[256]; */ #ifdef MAME_DEBUG /* extern char *opmap1[]; */ #endif rom = memory_region(cpu+REGION_CPU1); size = memory_region_length(cpu+REGION_CPU1); irem_cpu_decrypted = auto_malloc(size); memory_set_decrypted_region(cpu,0,size-1,irem_cpu_decrypted); for (A = 0;A < size;A++) irem_cpu_decrypted[A] = decryption_table[rom[A]]; /* for (A=0; A<256; A++) { t[A]=0; for (diff=0; diff<256; diff++) if (decryption_table[diff]==A) { t[A]++; } #ifdef MAME_DEBUG // if (t[A]==0) logerror("Unused: [%d] %02x\t%s\n",byte_count_table[A],A,opmap1[A]); // if (t[A]>1) logerror("DUPLICATE: %02x\t%s\n",A,opmap1[A]); #else if (t[A]==0) logerror("Unused: [%d] %02x\n",byte_count_table[A],A); if (t[A]>1) logerror("DUPLICATE: %02x\n",A); #endif } */ }
static void set_decrypted_region(void) { if (fd1094_set_decrypted != NULL) (*fd1094_set_decrypted)((UINT8 *)fd1094_userregion); else memory_set_decrypted_region(0, 0, fd1094_cpuregionsize - 1, fd1094_userregion); }
static void decode(int cpu) { UINT8 *rom = memory_region(REGION_CPU1+cpu); int size = memory_region_length(REGION_CPU1+cpu); int A; konami1_decrypted = auto_malloc(size); memory_set_decrypted_region(cpu, 0x0000, 0xffff, konami1_decrypted); for (A = 0;A < size;A++) { konami1_decrypted[A] = konami1_decodebyte(rom[A],A); } }
ROM_END /************************************* * * Game-specific driver inits * *************************************/ static DRIVER_INIT(gigas) { memory_set_decrypted_region(0, 0x0000, 0x7fff, memory_region(REGION_CPU1) + 0x10000); }
ROM_END static DRIVER_INIT( progolf ) { int A; UINT8 *rom = memory_region(REGION_CPU1); UINT8* decrypted = auto_malloc(0x10000); memory_set_decrypted_region(0,0x0000,0xffff, decrypted); /* Swap bits 5 & 6 for opcodes */ for (A = 0;A < 0x10000;A++) decrypted[A] = BITSWAP8(rom[A],7,5,6,4,3,2,1,0); }
UINT8 *konami1_decode(running_machine *machine, const char *cpu) { const address_space *space = cputag_get_address_space(machine, cpu, ADDRESS_SPACE_PROGRAM); const UINT8 *rom = memory_region(machine, cpu); int size = memory_region_length(machine, cpu); int A; UINT8 *decrypted = auto_alloc_array(machine, UINT8, size); memory_set_decrypted_region(space, 0x0000, 0xffff, decrypted); for (A = 0;A < size;A++) { decrypted[A] = konami1_decodebyte(rom[A],A); } return decrypted; }
void seibu_sound_decrypt(int cpu_region,int length) { UINT8 *decrypt = auto_malloc(length); UINT8 *rom = memory_region(cpu_region); int i; memory_set_decrypted_region(cpu_region - REGION_CPU1, 0x0000, (length < 0x10000) ? (length - 1) : 0x1fff, decrypt); for (i = 0;i < length;i++) { UINT8 src = rom[i]; rom[i] = decrypt_data(i,src); decrypt[i] = decrypt_opcode(i,src); } if (length > 0x10000) memory_configure_bank_decrypted(1, 0, (length - 0x10000) / 0x8000, decrypt + 0x10000, 0x8000); }
void irem_cpu_decrypt(int cpu,const UINT8 *decryption_table) { int A,size; UINT8 *rom; // int t[256]; #ifdef MAME_DEBUG // extern char *opmap1[]; #endif rom = memory_region(cpu+REGION_CPU1); size = memory_region_length(cpu+REGION_CPU1); irem_cpu_decrypted = auto_malloc(size); memory_set_decrypted_region(cpu,0,size-1,irem_cpu_decrypted); for (A = 0;A < size; A++) irem_cpu_decrypted[A] = decryption_table[rom[A]]; // RZ note: // for "gussun" and "riskchal" an hack to not decrypt a not encrypted routine // we need a real nec v25+/35+ core to support 0x63 (brkn for "break native") instruction // for now we use "cd" (int) instruction + hack (to force to not decrypt the code from 0xa8fd to 0xa90b) if (m90_game_kludge==1) // for gussun and riskchal for (A = 0xa8fd;A < 0xa90c; A++) irem_cpu_decrypted[A] = rom[A]; /* for (A=0; A<256; A++) { t[A]=0; for (diff=0; diff<256; diff++) if (decryption_table[diff]==A) { t[A]++; } #ifdef MAME_DEBUG // if (t[A]==0) logerror("Unused: [%d] %02x\t%s\n",byte_count_table[A],A,opmap1[A]); // if (t[A]>1) logerror("DUPLICATE: %02x\t%s\n",A,opmap1[A]); #else if (t[A]==0) logerror("Unused: [%d] %02x\n",byte_count_table[A],A); if (t[A]>1) logerror("DUPLICATE: %02x\n",A); #endif } */ }
ROM_END DRIVER_INIT( mouser ) { /* Decode the opcodes */ offs_t i; UINT8 *rom = memory_region(REGION_CPU1); UINT8 *decrypted = auto_malloc(0x6000); UINT8 *table = memory_region(REGION_USER1); memory_set_decrypted_region(0, 0x0000, 0x5fff, decrypted); for (i = 0;i < 0x6000;i++) { decrypted[i] = table[rom[i]]; } }
ROM_END static DRIVER_INIT( mouser ) { /* Decode the opcodes */ offs_t i; const address_space *space = cputag_get_address_space(machine, "maincpu", ADDRESS_SPACE_PROGRAM); UINT8 *rom = memory_region(machine, "maincpu"); UINT8 *decrypted = auto_alloc_array(machine, UINT8, 0x6000); UINT8 *table = memory_region(machine, "user1"); memory_set_decrypted_region(space, 0x0000, 0x5fff, decrypted); for (i = 0; i < 0x6000; i++) { decrypted[i] = table[rom[i]]; } }
ROM_END #define ROL(x,n) (BITSWAP8((x),(7+8-n)&7,(6+8-n)&7,(5+8-n)&7,(4+8-n)&7,(3+8-n)&7,(2+8-n)&7,(1+8-n)&7,(0+8-n)&7)) #define WRITEDEST( n ) \ dest[idx]=n; \ dest[idx+0x10000]=(n)^0xff; \ idx++; static DRIVER_INIT(tcl) { /* only the first part is decrypted (and verified)*/ const address_space *space = cputag_get_address_space(machine, "maincpu", ADDRESS_SPACE_PROGRAM); UINT8 *dest = memory_region(machine, "maincpu"); int len = memory_region_length(machine, "maincpu"); UINT8 *src = alloc_array_or_die(UINT8, len); int i,idx=0; memcpy(src, dest, len); for(i=0;i<64*1024;i+=4) { if(i&0x8000) { WRITEDEST(ROL(src[idx]^0x44,4)); // abcdefgh -> aFghaBcd WRITEDEST(ROL(src[idx]^0x44,7)); // abcdefgh -> haBcdeFg WRITEDEST(ROL(src[idx]^0x44,2)); // abcdefgh -> cdeFghaB WRITEDEST((src[idx]^0x44)^0xf0); // abcdefgh -> AbCEeFgh } else { WRITEDEST(ROL(src[idx]^0x11,4)); // abcdefgh -> efgHabcD WRITEDEST(ROL(src[idx]^0x11,7)); // abcdefgh -> HabcDefg WRITEDEST(ROL(src[idx]^0x11,2)); // abcdefgh -> cDefgHab WRITEDEST((src[idx]^0x11)^0xf0); // abcdefgh -> ABCdefgH } } free(src); memory_set_decrypted_region(space, 0x0000, 0x7fff, dest+0x10000); }
ROM_END #define ROL(x,n) (BITSWAP8((x),(7+8-n)&7,(6+8-n)&7,(5+8-n)&7,(4+8-n)&7,(3+8-n)&7,(2+8-n)&7,(1+8-n)&7,(0+8-n)&7)) #define WRITEDEST( n ) \ dest[idx]=n; \ dest[idx+0x10000]=(n)^0xff; \ idx++; DRIVER_INIT(tcl) { /* only the first part is decrypted (and verified)*/ UINT8 *dest = memory_region(REGION_CPU1); UINT8 *src = malloc_or_die(memory_region_length(REGION_CPU1)); int i,idx=0; memcpy(src, dest, memory_region_length(REGION_CPU1)); for(i=0;i<64*1024;i+=4) { if(i&0x8000) { WRITEDEST(ROL(src[idx]^0x44,4)); // abcdefgh -> aFghaBcd WRITEDEST(ROL(src[idx]^0x44,7)); // abcdefgh -> haBcdeFg WRITEDEST(ROL(src[idx]^0x44,2)); // abcdefgh -> cdeFghaB WRITEDEST((src[idx]^0x44)^0xf0); // abcdefgh -> AbCEeFgh } else { WRITEDEST(ROL(src[idx]^0x11,4)); // abcdefgh -> efgHabcD WRITEDEST(ROL(src[idx]^0x11,7)); // abcdefgh -> HabcDefg WRITEDEST(ROL(src[idx]^0x11,2)); // abcdefgh -> cDefgHab WRITEDEST((src[idx]^0x11)^0xf0); // abcdefgh -> ABCdefgH } } free(src); memory_set_decrypted_region(0, 0x0000, 0x7fff, dest+0x10000); }
static void cps2_decrypt(const UINT32 *master_key, unsigned int upper_limit) { UINT16 *rom = (UINT16 *)memory_region(REGION_CPU1); int length = memory_region_length(REGION_CPU1); UINT16 *dec = auto_malloc(length); int i; UINT32 key1[4]; // expand master key to 1st FN 96-bit key expand_1st_key(key1, master_key); // add extra bits for s-boxes with less than 6 inputs key1[0] ^= BIT(key1[0], 1) << 4; key1[0] ^= BIT(key1[0], 2) << 5; key1[0] ^= BIT(key1[0], 8) << 11; key1[1] ^= BIT(key1[1], 0) << 5; key1[1] ^= BIT(key1[1], 8) << 11; key1[2] ^= BIT(key1[2], 1) << 5; key1[2] ^= BIT(key1[2], 8) << 11; for (i = 0; i < 0x10000; ++i) { int a; UINT16 seed; UINT32 subkey[2]; UINT32 key2[4]; if ((i & 0xff) == 0) { char loadingMessage[256]; // for displaying with UI sprintf(loadingMessage, "Decrypting %d%%", i*100/0x10000); ui_set_startup_text(loadingMessage,FALSE); } // pass the address through FN1 seed = feistel(i, fn1_groupA, fn1_groupB, fn1_r1_boxes, fn1_r2_boxes, fn1_r3_boxes, fn1_r4_boxes, key1[0], key1[1], key1[2], key1[3]); // expand the result to 64-bit expand_subkey(subkey, seed); // XOR with the master key subkey[0] ^= master_key[0]; subkey[1] ^= master_key[1]; // expand key to 2nd FN 96-bit key expand_2nd_key(key2, subkey); // add extra bits for s-boxes with less than 6 inputs key2[0] ^= BIT(key2[0], 0) << 5; key2[0] ^= BIT(key2[0], 6) << 11; key2[1] ^= BIT(key2[1], 0) << 5; key2[1] ^= BIT(key2[1], 1) << 4; key2[2] ^= BIT(key2[2], 2) << 5; key2[2] ^= BIT(key2[2], 3) << 4; key2[2] ^= BIT(key2[2], 7) << 11; key2[3] ^= BIT(key2[3], 1) << 5; // decrypt the opcodes for (a = i; a < length/2 && a < upper_limit/2; a += 0x10000) { dec[a] = feistel(rom[a], fn2_groupA, fn2_groupB, fn2_r1_boxes, fn2_r2_boxes, fn2_r3_boxes, fn2_r4_boxes, key2[0], key2[1], key2[2], key2[3]); } // copy the unencrypted part (not really needed) while (a < length/2) { dec[a] = rom[a]; a += 0x10000; } } memory_set_decrypted_region(0, 0x000000, length - 1, dec); m68k_set_encrypted_opcode_range(0,0,length); #if 0 { FILE *f; f = fopen("d:/s.rom","wb"); fwrite(rom,1,0x100000,f); fclose(f); f = fopen("d:/s.dec","wb"); fwrite(dec,1,0x100000,f); fclose(f); } #endif }
static DRIVER_INIT( bootleg ) { memory_set_decrypted_region(1, 0x0000, 0x7fff, memory_region(REGION_CPU2) + 0x10000); }
static DRIVER_INIT(darkmist) { const address_space *space = cputag_get_address_space(machine, "maincpu", ADDRESS_SPACE_PROGRAM); int i, len; UINT8 *ROM = memory_region(machine, "maincpu"); UINT8 *buffer = alloc_array_or_die(UINT8, 0x10000); UINT8 *decrypt = auto_alloc_array(machine, UINT8, 0x8000); decrypt_gfx(machine); decrypt_snd(machine); for(i=0;i<0x8000;i++) { UINT8 p, d; p = d = ROM[i]; if(((i & 0x20) == 0x00) && ((i & 0x8) != 0)) p ^= 0x20; if(((i & 0x20) == 0x00) && ((i & 0xa) != 0)) d ^= 0x20; if(((i & 0x200) == 0x200) && ((i & 0x408) != 0)) p ^= 0x10; if((i & 0x220) != 0x200) { p = BITSWAP8(p, 7,6,5,2,3,4,1,0); d = BITSWAP8(d, 7,6,5,2,3,4,1,0); } ROM[i] = d; decrypt[i] = p; } memory_set_decrypted_region(space, 0x0000, 0x7fff, decrypt); memory_set_bankptr(space->machine, 1,&ROM[0x010000]); /* adr line swaps */ ROM = memory_region(machine, "user1"); len = memory_region_length(machine, "user1"); memcpy( buffer, ROM, len ); for(i=0;i<len;i++) { ROM[i]=buffer[BITSWAP24(i,23,22,21,20,19,18,17,16,15,6,5,4,3,2,14,13,12,11,8,7,1,0,10,9)]; } ROM = memory_region(machine, "user2"); len = memory_region_length(machine, "user2"); memcpy( buffer, ROM, len ); for(i=0;i<len;i++) { ROM[i]=buffer[BITSWAP24(i,23,22,21,20,19,18,17,16,15,6,5,4,3,2,14,13,12,11,8,7,1,0,10,9)]; } ROM = memory_region(machine, "user3"); len = memory_region_length(machine, "user3"); memcpy( buffer, ROM, len ); for(i=0;i<len;i++) { ROM[i]=buffer[BITSWAP24(i,23,22,21,20,19,18,17,16,15,14 ,5,4,3,2,11,10,9,8,13,12,1,0,7,6)]; } ROM = memory_region(machine, "user4"); len = memory_region_length(machine, "user4"); memcpy( buffer, ROM, len ); for(i=0;i<len;i++) { ROM[i]=buffer[BITSWAP24(i,23,22,21,20,19,18,17,16,15,14 ,5,4,3,2,11,10,9,8,13,12,1,0,7,6)]; } free(buffer); }
static DRIVER_INIT(darkmist) { int i; unsigned char *ROM = memory_region(REGION_CPU1); UINT8 *buffer = malloc_or_die(0x10000); UINT8 *decrypt = auto_malloc(0x8000); decrypt_gfx(); for(i=0;i<0x8000;i++) { UINT8 p, d; p = d = memory_region(REGION_CPU1)[i]; if(((i & 0x20) == 0x00) && ((i & 0x8) != 0)) p ^= 0x20; if(((i & 0x20) == 0x00) && ((i & 0xa) != 0)) d ^= 0x20; if(((i & 0x200) == 0x200) && ((i & 0x408) != 0)) p ^= 0x10; if((i & 0x220) != 0x200) { p = BITSWAP8(p, 7,6,5,2,3,4,1,0); d = BITSWAP8(d, 7,6,5,2,3,4,1,0); } memory_region(REGION_CPU1)[i] = d; decrypt[i] = p; } memory_set_decrypted_region(0, 0x0000, 0x7fff, decrypt); memory_set_bankptr(1,&ROM[0x010000]); /* adr line swaps */ ROM = memory_region(REGION_USER1); memcpy( buffer, ROM, memory_region_length(REGION_USER1) ); for(i=0;i<memory_region_length(REGION_USER1);i++) { ROM[i]=buffer[BITSWAP24(i,23,22,21,20,19,18,17,16,15,6,5,4,3,2,14,13,12,11,8,7,1,0,10,9)]; } ROM = memory_region(REGION_USER2); memcpy( buffer, ROM, memory_region_length(REGION_USER2) ); for(i=0;i<memory_region_length(REGION_USER2);i++) { ROM[i]=buffer[BITSWAP24(i,23,22,21,20,19,18,17,16,15,6,5,4,3,2,14,13,12,11,8,7,1,0,10,9)]; } ROM = memory_region(REGION_USER3); memcpy( buffer, ROM, memory_region_length(REGION_USER3) ); for(i=0;i<memory_region_length(REGION_USER3);i++) { ROM[i]=buffer[BITSWAP24(i,23,22,21,20,19,18,17,16,15,14 ,5,4,3,2,11,10,9,8,13,12,1,0,7,6)]; } ROM = memory_region(REGION_USER4); memcpy( buffer, ROM, memory_region_length(REGION_USER4) ); for(i=0;i<memory_region_length(REGION_USER4);i++) { ROM[i]=buffer[BITSWAP24(i,23,22,21,20,19,18,17,16,15,14 ,5,4,3,2,11,10,9,8,13,12,1,0,7,6)]; } free(buffer); }
static DRIVER_INIT( calorieb ) { memory_set_decrypted_region(0, 0x0000, 0x7fff, memory_region(REGION_CPU1) + 0x10000); }
static DRIVER_INIT( calorieb ) { const address_space *space = cputag_get_address_space(machine, "maincpu", ADDRESS_SPACE_PROGRAM); memory_set_decrypted_region(space, 0x0000, 0x7fff, memory_region(machine, "maincpu") + 0x10000); }