> > > > That’s great news that the "Typing Monkeys" project is coming back, and thanks to all people involved in that project for their time and work.
> > > > I know that can be off topic, but I’ve read on Guru’s site that the Operation Wolf C-chip was decapped and the rom had been extracted by Caps0ff. Is it true? There isn't any post about it on the Caps0ff blog.
> > >
> > > It's true.
> > >
> > > Haze added support for the dumps in
> > > https://github.com/mamedev/mame/commit/0019c8cbd019f706456f95b82fbcf7ffee641187
> > >
> > > However, as he says, it's currently bad.
> > >
> > > https://github.com/mamedev/mame/commit/d...10c2da50363a441
> > >
> > > This could be why they didn't post news about it.
> > >
> > > - Stiletto
> >
> > To clarify
> >
> > The C-Chip has 2 ROM parts, a MASK rom inside the UPD78C11 which is assumed to be the same for all games and an EPROM which definitely differs between games.
> >
> > The MASK rom was imaged and typed up, it's rather interesting. The internal checksum on that passes, so chances are it's a good dump.
> >
> > EPROMs can't be dumped using this technique as there's nothing to see, so an attempt was made to dump the EPROM by wiring it up directly to the decapped die but the Caps0ff guys couldn't get one of the address lines to work properly, so half the data is missing. It was very delicate work, tiniest of slips and you have to start over. The dumped data is interesting as you can see some of the tables the current Operation Wolf simulation uses in it, but as the dump isn't complete it wasn't possible to switch the emulation over to using it.
> >
> > The MASK rom actually contains what looks like functions that could be exploited to read out the EPROM, so attempts have been made to use them, however it seems Taito anticipated this and one of the port writes done in the code is blocking any further commands or responses externally. Annoying, otherwise you would have had some rather juicy news already.
>
> Annoying, but not insurmountable, right? Is there a way around that?

From a software hacking point of view? Maybe not. If you're locked out, you're locked out; it's entirely possible it was done like this specifically to make what I was trying to do impossible on a retail chip. Might just have to go the very risky, very expensive hardware decap route, with no guarantee chips won't just be destroyed (every decap is a risk).

I wish people would stop expecting miracles; these are real, tough problems where, yes, some approaches can be ruled out entirely if the right security measures were taken.