CAESAR Logo

Catalogue of Arcade Emulation Software - the Absolute Reference

Valid XHTML 1.0! Valid CSS!

X-Arcade

X-Arcade

Large CAESAR Logo

coinmstr.c

0.100u1 [Pierpaolo Prazzoli]


TODO:

- Finish video emulation (colors, missing banking bits)

- Where is palette ?

- Finish inputs

- Finish question roms reading

- Hook up all the PIAs


NOTES:

- Some trivia seems to accept 2 type of eproms for question roms: 0x4000 or 0x8000 bytes long. This check is done with the 1st read from the rom (I think from offset 0) and if it's 0x10, it means a 0x4000 bytes eprom or if it's 0x20, it means a 0x8000 one. Also supnudg2 only tests 0x20 as 1st byte, so accepting only the 2nd type of eproms.


WIP:

- 0.108u4: wolf676 cleaned up dipswitches and documentation in the Coinmaster driver.

- 0.104: Nicola Salmoria decrypted the question ROMs in the coinmstr.c games.

- 4th February 2006: Nicola Salmoria - Pierpaolo Prazzoli made me look at the encrypted question ROMs of the Coinmaster games. It's nothing interesting, just a permutation of the address and data lines. The interesting thing, however, if how they gave away the encryption on the data lines by implementing the ROM checksum test in an unwise way. To verify the checksum, the game reads all bytes in the ROM except the one at offset 2, and adds them with 8-bit arithmetic. It then takes the opposite of the result and compares it with the byte at offset 2, expecting them to be equal. What this actually means, however, is that adding all bytes in the ROM will always give as result 0. Knowing that the sum of all bytes must be 0 instantly kills the data lines encryption. All one has to do is try to apply different permutations on the encrypted data, and calculate the resulting checksum. First look just at bit 0, ignoring the others. Try a permutation that leaves it in place, then one that replaces it with bit 1 of the encrypted data, then bit 2, and so on. Look at bit 0 of the resulting checksum. If it's 0 for all ROMs, then you got the right bit. So, in at most 8 tries, you'll find bit 0 of the permutation. Then move on to bit 1, and repeat the procedure. In at most 7 tries, you'll find bit 1 of the permutation. And so on.