Charles MacDonald's Home Page

News

Current
Old News

Emulation

SMS Plus
Genesis Plus
TGEmu
Sega System 24
MAME WIP
Sega WIP
FD1094 Status
FD1094 Game Conversion

Electronics

Electronics Projects

Information

Sega Genesis
Sega Master System
Sega Game Gear
Sega SC-3000H
Sega Saturn
Nintendo Super NES
Nintendo GameCube

Miscellaneous

Video Game FAQs
Links

External Links

The Guru's ROM Dumping News
Nicola's MAME Ramblings
David Haywood's MAME WIP
Aaron Giles' Home Page
Richard Bannister
doxDev
AamirM's Homepage
Kale's Mame Wip
PC-Engine dev

Other

Contact

News (1/6)

I recently dumped the internal ROM for Wing's "7 Smash". The ROM was trojaned in a similar way to Pinkiri 8 and other Wing games that are now emulated in MAME.

This board uses a HD647180 MCU (in a huge 90-pin SDIP package) with 16K of internal ROM and up to 128K of external ROM. The external ROM contains program code so it isn't particularly hard to get control of the system by inserting your own software into the ROM once you've made a NOP sled or identified the entry points.

To get the internal ROM data out I used my 8-bit EPROM emulator which can also emulate RAMs. The two red wires in the picture are used to tap into the system reset signal from the MB3771 and part of the glue logic which generates a write strobe for memory locations. This allows the trojan program to write back into emulator memory to store data. Once it had copied the internal ROM to RAM (and generated a checksum) I just had to download the emulator RAM and that was it.

If any more of these games come up in the future it should be fairly easy to get them dumped.

Old News (1/1)

Here's some Saturn and PSX info:

The ROM replacement is designed to be used with an EPROM emulator connected to the flash memory socket of a PSX Action Replay or similar device. It functions as a loader for a small (~32K) program appended to the ROM, which is copied to work RAM at $80010000 and executed as a subroutine. The appended program can return to the caller to continue with the BIOS boot process if necessary.

The AR and most clones use a 78L05 regulator which is not sufficient to power an EPROM emulator, I had to replace mine with a full-sized 7805. The cheaper variants just use a zener diode to knock down 7.5V to 5V and have no real regulator, so more changes will be necessary.

I've been having a lot of fun playing the fan-translated version of Persona 2: Innocent Sin. The people responsible did an incredible job hacking up the original game for the rest of us to enjoy, and it's thrilling to think they are working on Soul Hackers next:

Incidentally Atlus localized the PSP version of Innocent Sin, but purists will probably want to play it on the PSX like it was intended.