Author Topic: CPS-2 ROM decrypter  (Read 7430 times)

Offline iq_132

  • Administrator
  • *****
  • Posts: 3856
  • Karma: +365/-0
  • destroy.
    • NeoSource
CPS-2 ROM decrypter
« on: December 13, 2007, 06:01:00 PM »
Quote

***************************************************************
*  Instructions

What this program does is compare two romset's program roms
(and the decrypted version too). It will automatically decrypt
the program roms, so all you will need to do is extract the
roms into the same folder as the program. When you are asked
what romset you wish to work with, just type the name (eg. sfa2).

Finally, it will display which roms do not need to be decrypted,
and will write the ones that do. Then simply press "enter" to
quit.

In the same directory as the program, you'll see that your
decrypted files and an info.log file have been produced.

THE PRODUCED FILES WILL NOT WORK ON REAL HARDWARE!


***************************************************************
*  NOTICE!

The source romsets SHOULD be the SAME REVISION and a DIFFERENT
REGION.  Japan romsets do not usually give good results when
comparing against other regions. :(  Games that use the same
key absolutely will not work.

If the info.log file is very large (more than a few kb), the
two source romsets are probably too different to get an
accurate result.

Also, the self-test in games will fail. These check for the
data and encrypted opcodes. Since we're using decrypted opcodes,
this will obviously result in failure.  The easiest way to
fix these is to find where the crc info is stored (usually
in 0xCx - 0xDx and patch them.  It's easy enough to find them,
often they (and the region code) are the only bytes that are
different. I have posted some code for FBA that allows you to
fix this, though it is a fairly involved process.

THE PRODUCED FILES WILL NOT WORK ON REAL HARDWARE!


***************************************************************
*  Version History

0.01
Everything!


***************************************************************
*  About

Huge credits to Andreas, Nicola, and the MAME team!
Program (except for cps2crpt.cpp) written by IQ_132
 - Please do not report any problems with this program or
   decrypted roms to anyone except me (IQ_132).


Offline Pasky

  • Newbies
  • *
  • Posts: 9
  • Karma: +0/-0
Re: CPS-2 ROM decrypter
« Reply #1 on: September 28, 2011, 09:58:44 PM »
Hi, I tried using this to decrypt SSF2T.  It decrypts all the rom files except sfx.09, which I imagine is because sfx.09 is only present in ssf2t and not in any other of the regions.

My main goal is trying to load the rom into IDA so I can disassemble with the visual disassemble tree.  I tried merging all the decrypted files together (sfxe.03c, sfxe.04a, sfxe.05, etc...) but it doesn't seem to have gone over well.

Do you happen to know  a better way to achieve my goal?  I just want to disassemble the game in IDA.

Offline iq_132

  • Administrator
  • *****
  • Posts: 3856
  • Karma: +365/-0
  • destroy.
    • NeoSource
Re: CPS-2 ROM decrypter
« Reply #2 on: September 28, 2011, 11:20:54 PM »
If the rom is not decrypted it means that it is the same between the regions -- this usually means that it is not encrypted in the first place!


Offline Pasky

  • Newbies
  • *
  • Posts: 9
  • Karma: +0/-0
Re: CPS-2 ROM decrypter
« Reply #3 on: October 14, 2011, 07:18:26 PM »
Perhaps it isn't working correctly then.

When running mame debugger for ssf2t, this is the hex for the assembly starting at 0x000000:

Code: [Select]
0000 0000 0332 68B5 0127 D2A8

The decrypted file (sfxe.03_decrypted) at 0x000000 is:

Code: [Select]
0000 0000 0000 3203 0000 FE02

I know for sure that sfxe.03 is loaded at 0x000000 after looking at mame's cps2.c driver.

Any suggestions? Am I comparing 2 incompatible romsets?  Is there another CPS2 rom decrypter out there?  Thanks.

This is comparing SSF2T and SSF2TU btw.
« Last Edit: October 14, 2011, 07:21:22 PM by Pasky »

Offline iq_132

  • Administrator
  • *****
  • Posts: 3856
  • Karma: +365/-0
  • destroy.
    • NeoSource
Re: CPS-2 ROM decrypter
« Reply #4 on: October 15, 2011, 01:46:08 AM »
You're mismatching revisions. Try ssf2tur1 and  ssf2t.


Offline Pasky

  • Newbies
  • *
  • Posts: 9
  • Karma: +0/-0
Re: CPS-2 ROM decrypter
« Reply #5 on: October 15, 2011, 02:24:27 AM »
Same result unfortunately, still get the same file.  Any ideas?  Thanks.

Offline Pasky

  • Newbies
  • *
  • Posts: 9
  • Karma: +0/-0
Re: CPS-2 ROM decrypter
« Reply #6 on: October 16, 2011, 12:14:20 AM »
I'm guessing I'm shit out of luck then.

Nevermind, I was able to just dump the decrypted memory from MAME and just byte swap the binary file.  Works perfectly.
« Last Edit: October 16, 2011, 07:17:33 AM by Pasky »