
r34566 Friday 23rd January, 2015 at 19:46:52 UTC by David Haywood
keys for spikeout / spikeofe from Metallic

(note, didn't make them run in MAME, but I managed to compile SuperModel and extract the data from RAM for key finding)

key finding for dayto2pe has failed, might use unknown key bits.
[src/mame/drivers]model3.c naomi.c
[src/mame/machine]315-5881_crypt.c 315-5881_helper.c

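--- a/trunk/src/mame/drivers/model3.c
+++ b/trunk/src/mame/drivers/model3.c
@@ -1694,31 +1694,9 @@
    0x2e64, 0x2a20, 0x2a2a, 0x2a2a, 0x2a2a, 0x2a2a, 0x2a2a, 0x2a2a,
 };
 
-static const UINT16 spikeout_prot_data[] =
-{
-   0x0000,
-   0x4f4d, 0x4544, 0x2d4c, 0x2033, 0x7953, 0x7473, 0x6d65, 0x5020,
-   0x6f72, 0x7267, 0x6d61, 0x4320, 0x706f, 0x7279, 0x6769, 0x7468,
-   0x2820, 0x2943, 0x3120, 0x3939, 0x2035, 0x4553, 0x4147, 0x4520,
-   0x746e, 0x7265, 0x7270, 0x7369, 0x7365, 0x4c2c, 0x4454, 0x202e,
-   0x6c41, 0x206c, 0x6972, 0x6867, 0x2074, 0x6572, 0x6573, 0x7672,
-   0x6465, 0x202e, 0x2020, 0x0020
-};
 
-static const UINT16 eca_prot_data[] =
-{
-   0x0000,
-   0x2d2f, 0x202d, 0x4d45, 0x5245, 0x4547, 0x434e, 0x2059, 0x4143,
-   0x4c4c, 0x4120, 0x424d, 0x4c55, 0x4e41, 0x4543, 0x2d20, 0x0a2d,
-   0x6f43, 0x7970, 0x6952, 0x6867, 0x2074, 0x4553, 0x4147, 0x4520,
-   0x746e, 0x7265, 0x7270, 0x7369, 0x7365, 0x202c, 0x744c, 0x2e64,
-   0x530a, 0x666f, 0x7774, 0x7261, 0x2065, 0x2652, 0x2044, 0x6544,
-   0x7470, 0x202e, 0x3123, 0x660a, 0x726f, 0x7420, 0x7365, 0x0a74,
-};
 
 
-
-
 READ64_MEMBER(model3_state::model3_security_r)
 {
    UINT64 retvalue = U64(0xffffffffffffffff);
@@ -1742,26 +1720,6 @@
             }
             retvalue = data;
          }
-         else if (core_stricmp(machine().system().name, "spikeout") == 0 ||
-                  core_stricmp(machine().system().name, "spikeofe") == 0)
-         {
-            UINT64 data = (UINT64)spikeout_prot_data[m_prot_data_ptr++] << 16;
-            if (m_prot_data_ptr >= 0x55)
-            {
-               m_prot_data_ptr = 0;
-            }
-            retvalue = data;
-         }
-         else if (core_stricmp(machine().system().name, "eca") == 0 ||
-                  core_stricmp(machine().system().name, "ecax") == 0)
-         {
-            UINT64 data = (UINT64)eca_prot_data[m_prot_data_ptr++] << 16;
-            if (m_prot_data_ptr >= 0x31)
-            {
-               m_prot_data_ptr = 0;
-            }
-            retvalue = data;
-         }
          else
          {
             retvalue = 0;
@@ -5714,7 +5672,6 @@
 
    if (key != -1)
    {
-//      m_maincpu->space(AS_PROGRAM).install_readwrite_handler(0xf01a0000, 0xf01a003f, read64_delegate(FUNC(model3_state::model3_5881prot_r), this), write64_delegate(FUNC(model3_state::model3_5881prot_w), this));
       m_cryptdevice->set_key(key);
       m_maincpu->space(AS_PROGRAM).install_readwrite_handler(0xf01a0000, 0xf01a003f, 0, 0x0e000000, read64_delegate(FUNC(model3_state::model3_5881prot_r), this), write64_delegate(FUNC(model3_state::model3_5881prot_w), this) );                   
    }
@@ -5977,33 +5934,33 @@
 
 DRIVER_INIT_MEMBER(model3_state,daytona2)
 {
-   UINT32 *rom = (UINT32*)memregion("user1")->base();
+//   UINT32 *rom = (UINT32*)memregion("user1")->base();
    DRIVER_INIT_CALL(model3_20);
 
    m_maincpu->space(AS_PROGRAM).install_write_handler(0xc3800000, 0xc3800007, write64_delegate(FUNC(model3_state::daytona2_rombank_w),this));
    m_maincpu->space(AS_PROGRAM).install_read_bank(0xc3000000, 0xc37fffff, "bank2" );
 
    //rom[(0x68468c^4)/4] = 0x60000000;
-   rom[(0x6063c4^4)/4] = 0x60000000;
-   rom[(0x616434^4)/4] = 0x60000000;
-   rom[(0x69f4e4^4)/4] = 0x60000000;
+   //rom[(0x6063c4^4)/4] = 0x60000000;
+   //rom[(0x616434^4)/4] = 0x60000000;
+   //rom[(0x69f4e4^4)/4] = 0x60000000;
 
    DRIVER_INIT_CALL(genprot);
 }
 
 DRIVER_INIT_MEMBER(model3_state,dayto2pe)
 {
-   UINT32 *rom = (UINT32*)memregion("user1")->base();
+//   UINT32 *rom = (UINT32*)memregion("user1")->base();
    DRIVER_INIT_CALL(model3_20);
 
    m_maincpu->space(AS_PROGRAM).install_write_handler(0xc3800000, 0xc3800007, write64_delegate(FUNC(model3_state::daytona2_rombank_w),this));
    m_maincpu->space(AS_PROGRAM).install_read_bank(0xc3000000, 0xc37fffff, "bank2" );
 
-   rom[(0x606784^4)/4] = 0x60000000;
-   rom[(0x69a3fc^4)/4] = 0x60000000;       // jump to encrypted code
-   rom[(0x618b28^4)/4] = 0x60000000;       // jump to encrypted code
+//   rom[(0x606784^4)/4] = 0x60000000;
+//   rom[(0x69a3fc^4)/4] = 0x60000000;       // jump to encrypted code
+//   rom[(0x618b28^4)/4] = 0x60000000;       // jump to encrypted code
 
-   rom[(0x64ca34^4)/4] = 0x60000000;       // dec
+//   rom[(0x64ca34^4)/4] = 0x60000000;       // dec
 
    DRIVER_INIT_CALL(genprot);
 }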
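Review bot: In DRIVER_INIT_MEMBER(model3_state,dayto2pe) the ROM patches are commented out, including the two marked `// jump to encrypted code`, although the commit description says key finding for dayto2pe failed. If no key is found for that set (its key-table entry is not visible on this page), the `if (key != -1)` guard in the third hunk installs no 315-5881 handler and nothing replaces the patches, so the set probably regresses; I would keep `UINT32 *rom = (UINT32*)memregion("user1")->base();` and the four `rom[...] = 0x60000000;` writes active for dayto2pe until a working key exists. For daytona2, where a key is listed, delete the disabled lines instead of leaving them as `//` code, or add a comment such as `// ROM patches no longer needed: protection is handled by the 315-5881 device` so the reason is recorded.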
trunk/src/mame/drivers/naomi.c
r243077r243078
328328House of the Dead 2                             834-13636-01 21585   20 (64Mb)   not present 315-6213  not present
329329Idol Janshi Suchie-Pai 3                        841-0002C    21979   14 (64Mb)   ?           315-6213  317-5047-JPN   requires mahjong panel
330330Jambo! Safari (Rev A)                           840-0013C    22826A   8 (64Mb)   ?           315-6213  317-0264-COM
331Mars TV                                         840-0025C    22993   15 (64Mb)   present     315-6213  317-0274-JPN
331Mars TV                                         840-0025C    22993   15 (64Mb)   present     315-6213  317-0074-JPN
332332OutTrigger                                      840-0017C    22163   19 (64Mb)   ?           315-6213  317-0266-COM   requires regular 837-13551 and 837-13938 rotary JVS boards, and special panel
333333Power Stone                                     841-0001C    21597    8 (64Mb)   present     315-6213  317-5046-COM   joystick + 3 buttons
334334Power Stone 2                                   841-0008C    23127    9 (64Mb)   present     315-6213  317-5054-COM   joystick + 3 buttons
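--- a/trunk/src/mame/machine/315-5881_crypt.c
+++ b/trunk/src/mame/machine/315-5881_crypt.c
@@ -130,10 +130,8 @@
 
 The encryption is done by a stream cipher operating in counter mode, which use a 16-bits internal block cipher.
 
-Every stream can be composed by several substreams; there are 18 header bits at the start of every substream, with
-a 1+9+8 format; the highest bit control the mode of operation: set to 1 means that the substream needs to be decompressed
-after being decrypted. The other two blocks (A||B) encode the length of the substream, as (A+1)*(B+1). When a
-substream end, the header of the next one, if existing, follows inmediatly.
+There are 2 "control bits" at the start of the decrypted stream which control the mode of operation: bit #1 set to 1 means
+that the stream needs to be decompressed after being decrypted. More on this later.
 
 The next 16-bits are part of the header (they don't belong to the plaintext), but his meaning is unclear. It has been
 conjectured that it could stablish when to "reset" the process and start processing a new stream (based on some tests
@@ -146,17 +144,23 @@
 given plaintext word, and the remaining 2 to the next plaintext word.
 
 The underlying block cipher consists of two 4-round Feistel Networks (FN): the first one takes the counter (16 bits),
-the game-key (>=29 bits; probably 64) and the sequence-key (16 bits) and output a middle result (16 bits) which will act
-as another key for the second one. The second FN will take the encrypted word (16 bits), the game-key, the sequence-key
-and the result from the first FN and will output the decrypted word (16 bits).
+the game-key (>=29 bits) and the sequence-key (16 bits) and output a middle result (16 bits) which will act as another key
+for the second one. The second FN will take the encrypted word (16 bits), the game-key, the sequence-key and the result
+from the first FN and will output the decrypted word (16 bits).
 
 Each round of the Feistel Networks use four substitution sboxes, each having 6 inputs and 2 outputs. The input is the
 XOR of at most one bit from the previous round and at most one bit from the different keys.
 
 The underlying block cipher has the same structure than the one used by the CPS-2 (Capcom Play System 2) and,
 indeed, some of the used sboxes are exactly the same and appear in the same FN/round in both systems (this is not evident,
-as you need to apply a bitswapping and some XORs to the input & output of the sboxes to get the same values due).
+as you need to apply a bitswapping and some XORs to the input & output of the sboxes to get the same values due). However,
+the key scheduling used by this implementation is much weaker than the CPS-2's one. Many s-boxes inputs aren't XORed with any
+key bit.
 
+Due to the small key-length, no sophisticated attacks are needed to recover the keys; a brute-force attack knowing just
+some (encrypted word-decrypted word) pairs suffice. However, due to the weak key scheduling, it should be noted that some
+related keys can produce the same output bytes for some (short) input sequences.
+
 Note that this implementation considers that the counter initialization for ram decryption is 0 simply because the ram is
 mapped to multiples of 128K.
 
@@ -169,37 +173,6 @@
 as of january/2015 show small randomness and big correlations, making possible that some unseen bits could make the
 decryption need those incomplete parts.
 
-SEGA apparently used his security part label (317-xxxx-yyy) as part of the key; the mapping of the current keys to the chip label
-is given by the following function:
-
-void key2label(uint32_t key)
-{
-   int bcd0 = ((BIT(key,17)<<3)|(BIT(key,7)<<2)|(BIT(key,14)<<1)|BIT(key,19))^9;
-   int bcd1 = ((BIT(key,20)<<3)|(BIT(key,1)<<2)|(BIT(key,4)<<1)|BIT(key,13))^5;
-   int bcd2 = (BIT(key,9)<<1)|BIT(key,22);
-   int bcd3 = ((BIT(key,9)<<2)|BIT(key,9))^5;
-   
-   char chiplabel[13];
-   sprintf(chiplabel, "317-%d%d%d%d-%s", bcd3, bcd2, bcd1, bcd0, (BIT(key,5)?"JPN":"COM"));
-   
-   printf("%s", chiplabel);
-}
-
-Given the use of the BCD-encoded security module labels, it's expected that at least other 6 additional bits be present in the
-real keys but undetected in the current implementation (due to them being set to fixed values on all the known 315-5881 chip labels).
-That would rise the bit count at least to 35.
-
-Other key bits not directly related to the 315-5881 label still show low entropies, making possible that
-they be derived from other non-random sources.
-
-In the second Feistel Network, every key bit seem to be used at most once (the various uses of current bit #9 are fictitious, as
-that bit really represent various bits in the real key; see comments on the use of the labels above). Given that, it seems probable
-that the real key is 64 bits long, exactly as in the related CPS-2 scheme, and the designers tried to cover all 96 input bits with
-the bits provening from the game key, the sequence key and the result from the first feistel network (64+16+16=96). In the first
-Feistel Network, as only 80 bits are available, some bits would be used twice (as can be partially seen in the current implementation).
-The fact that only 29 bits out of the expected 64 have been observed till now would be due to the generation of the key by composing
-low-entropy sources.
-
 ****************************************************************************************/
 
 const sega_315_5881_crypt_device::sbox sega_315_5881_crypt_device::fn1_sboxes[4][4] = {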
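--- a/trunk/src/mame/machine/315-5881_helper.c
+++ b/trunk/src/mame/machine/315-5881_helper.c
@@ -39,6 +39,12 @@
    { "elandore",        0x05226d41 }, //             1998     317-5043-COM   ST-V
    { "ffreveng",        0x0524ac01 }, //             1998     317-5049-COM   ST-V
 
+   { "gundmct",         0x000e8010 }, // 841-0017    2001     ???            Naomi
+   { "puyoda",          0x000acd40 }, // 841-0006    1999     ???            Naomi
+   { "smlg99",          0x08048a01 }, // 840-0012    1999     ???            Naomi
+   { "vf4cart",         0x0eef2f96 }, // 840-0080    2002     ???            Naomi 2
+   { "vonot",           0x08010715 }, // 840-0028    2000     ???            Naomi
+   { "marstv",          0x080b8ef5 }, // 840-0025    1999     317-0074-JPN   Naomi
    { "dybbnao",         0x080e6ae1 }, // 840-0001    1998     317-0246-JPN   Naomi
    { "crzytaxi",        0x080d2f45 }, // 840-0002    1999     317-0248-COM   Naomi
    { "zombrvn",         0x08012b41 }, // 840-0003    1999     317-0249-COM   Naomi
@@ -50,7 +56,6 @@
    { "tduno",           0x08028ea5 }, // 840-0008    1999     317-0255-JPN   Naomi
    { "toyfight",        0x0802ca85 }, // 840-0011    1999     317-0257-COM   Naomi
    { "vs2_2k",          0x08088b08 }, // 840-0010    1999     317-0258-COM   Naomi
-   { "smlg99",          0x08048a01 }, // 840-0012    1999     317-0259-COM   Naomi
    { "derbyoc",         0x080fee35 }, // 840-0016    1999     317-0262-JPN   Naomi
    { "vtennis",         0x0803eb15 }, // 840-0015    1999     317-0263-COM   Naomi
    { "jambo",           0x080fab95 }, // 840-0013    1999     317-0264-COM   Naomi
@@ -67,8 +72,6 @@
    { "18wheelr",        0x0807cf54 }, // 840-0023    2000     317-0273-COM   Naomi
    { "18wheels",        0x0807cf54 }, // 840-0036    2000     317-0273-COM   Naomi
    { "18wheelu",        0x0807cf54 }, // 840-0037    2000     317-0273-COM   Naomi
-   { "marstv",          0x080b8ef5 }, // 840-0025    1999     317-0274-JPN   Naomi
-   { "vonot",           0x08010715 }, // 840-0028    2000     317-0279-COM   Naomi
    { "sstrkfgt",        0x08132303 }, // 840-0035    2000     317-0281-COM   Naomi
    { "sstrkfgta",       0x08132303 }, // 840-0035    2000     317-0281-COM   Naomi
    { "wwfroyal",        0x081627c3 }, // 840-0040    2000     317-0285-COM   Naomi
@@ -88,7 +91,6 @@
    { "clubkrtd",        0x0ce7d742 }, // 840-0062    2001     317-0313-COM   Naomi 2
    { "clubkrte",        0x0ce7d742 }, // 840-0062    2001     317-0313-COM   Naomi 2
    { "inunoos",         0x094bc3e3 }, // 840-0073    2001     317-0316-JPN   Naomi
-   { "vf4cart",         0x0eef2f96 }, // 840-0080    2002     317-0324-COM   Naomi 2
    { "toukon4",         0x052e2901 }, // 25349801    2000     317-5040-COM   Naomi
    { "wldkicks",        0x052e2901 }, // 25209801    2000     317-5040-COM   Naomi
    { "wldkicksa",       0x052e2901 }, // 25209801    2000     317-5040-COM   Naomi
@@ -99,7 +101,6 @@
    { "doa2m",           0x0008ad01 }, // 841-0003    1999     317-5048-COM   Naomi
    { "shangril",        -1         }, // 841-0004    1999     317-5050-JPN   Naomi     seems not used by game
    { "spawn",           0x00078d01 }, // 841-0005    1999     317-5051-COM   Naomi
-   { "puyoda",          0x000acd40 }, // 841-0006    1999     317-5052-COM   Naomi
    { "pstone2",         0x000b8dc0 }, // 841-0008    2000     317-5054-COM   Naomi
    { "capsnk",          0x00000000 }, // 841-0011    2000     317-5059-COM   Naomi
    { "capsnka",         0x00000000 }, // 841-0011    2000     317-5059-COM   Naomi
@@ -113,7 +114,6 @@
    { "ninjaslt1",       0x000ca510 }, // 25469801    2000     317-5068-COM   Naomi
    { "ninjaslt2",       0x000ca510 }, // 25469801    2000     317-5068-COM   Naomi
    { "ninjaslt4",       0x000ca510 }, // 25469801    2000     317-5068-COM   Naomi
-   { "gundmct",         0x000e8010 }, // 841-0017    2001     317-5070-COM   Naomi
    { "hmgeo",           0x00038510 }, // HMG016007   2001     317-5071-COM   Naomi
    { "zerogu2",         0x0007c010 }, // 841-0020    2001     317-5073-COM   Naomi
    { "gunsur2",         0x000680d0 }, // 25709801    2001     317-5075-COM   Naomi
@@ -135,6 +135,7 @@
    { "pltkids",         -1         }, //             1998     317-5044-COM   Model 2
    { "pltkidsa",        -1         }, //             1998     317-5044-COM   Model 2
 
+   { "magtruck",        0x09266e45 }, //             ????     ?              Model 3
    { "von2",            0x092a0e97 }, //             ????     317-0234-COM   Model 3
    { "von254g",         0x092a0e97 }, //             ????     317-0234-COM   Model 3
    { "fvipers2",        -1         }, //             ????     317-0235-COM   Model 3
@@ -142,12 +143,11 @@
    { "dirtdvls",        0x09290f17 }, //             ????     317-0238-COM   Model 3
    { "dirtdvlsa",       0x09290f17 }, //             ????     317-0238-COM   Model 3
    { "daytona2",        0x09250e16 }, //             ????     317-0239-COM   Model 3
-   { "spikeout",        -1         }, //             ????     317-0240-COM   Model 3
-   { "spikeofe",        -1         }, //             ????     ?317-0240-COM? Model 3
+   { "spikeout",        0x092f2b04 }, //             ????     317-0240-COM   Model 3
+   { "spikeofe",        0x09236fc8 }, //             ????     317-0247-COM   Model 3
    { "swtrilgy",        0x11272a01 }, //             ????     317-0241-COM   Model 3
    { "swtrilgya",       0x11272a01 }, //             ????     317-0241-COM   Model 3
    { "oceanhun",        0x092b6a01 }, //             ????     317-0242-COM   Model 3
-   { "magtruck",        0x09266e45 }, //             ????     317-0243-COM   Model 3
    { "lamachin",        0x092a2bc5 }, //             ????     317-0244-COM   Model 3
    { "vs299",           0x09222ac8 }, //             ????     317-0245-COM   Model 3
    { "vs2v991",         0x09222ac8 }, //             ????     317-0245-COM   Model 3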
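Review bot: The six entries added ahead of `dybbnao` (`gundmct`, `puyoda`, `smlg99`, `vf4cart`, `vonot`, `marstv`) break what appears to be the table's ordering by security-part label, and five of them carry `???` with no explanation of why the label is no longer stated. A one-line comment above the group, for example `// security-part label not confirmed for the entries below`, would tell the next reader whether the label is unknown or only unverified; the diff alone does not say which. The same applies to `magtruck`, whose label column changes from `317-0243-COM` to `?`, and to `spikeofe`, whose label changes to `317-0247-COM` without a note on where that value was read from.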



