Xbox with Jamma Hi Parris, Yes, to use a Xbox with a Jamma converted, is very easy, but... 1) I already have a Naomi cabinet with a Chihiro running with 32KHZ and delivering a high quality video signal. The Xbox video output is 15Khz, and not very good quality. 2) I will like to use real world controllers, joysticks, steering reel, etc instead of cheap pads, without hacking them. 3) I don't like comercial stuff, like Xbox, all peopel can buy one on ebay for a few bucks and put it in a Jamma cabinet. 4) I don't like to play games, i use to play less than 5 minutes with a game and i'm tired of it, the fun for me is to hack things, specially hardware stuff. 5) I'm a Treky, and my lema is: "to boldly go where no man has gone before". Best Regards Soyandroid PD: The only real games i use to play, are pinball machines. I'm a collector of 90's Williams pinball machines
Because its incredibly difficult to build a VGA output circuit for the XBox and get 32khz... :nod: I wouldn't say it isn't very good quality unless you're looking at standard 480i composite. The XBox's component was rather nice quality wise especially when you had a display capable of accepting 480p or higher. Of course your game selection was rather limited.
Naomi and Dreamcast are programmed using the same devkit. The only difference is in the disc access. It should be possible to get games running if you add more ram. Naomi protection wasn't great on the gdrom games. They relied on the difficulty of producing the physical discs.
But also with the security chip, which lets face it is just a 99p PIC chip that outputs a string on a few pins, but the chihiro has the same type of security.
Hey serantes, or anybody else. How does one get the xbe files from the raw bin file of the gdrom?:shrug: Any help would be appreciated.ray:
Sorry if this is considered reviving a dead thread, but I have some information relating to Chihiro. If this is considered reviving a dead thread, please lock the thread. I took a look at some dumps of three Chihiro games. These dumps are the ones that look just like a standard Xbox's FATX drive layout. I took the source from a program called "FAT-X-Plorer" and added support for Chihiro FATX images. With my modified version, you can open a Chihiro dump and extract individual files, or all of them. I couldn't make a function to recreate directories, so you might have to move around some files after it dumps them to recreate the original structure. Download it here if you're interested or want to tinker with the source I have modified: http://www.mediafire.com/?g648lvwrqo0br61 I hope this will help with any future Chihiro research.
Excellent, thanks. Since I take interest in emulating Sega Chihiro games, this will be of great help for me!
I just tried this on House of the Dead 3. What I did was: Got a MAME CHD, got the Security ROM and its key. Extracted CHD using chdman to cue / bin Opened the files using isobuster and recovered the filesystem Extracted HOD3AC_S.BIN Wrote a tool to decrypt HOD3AC_S.BIN Verified the file had data using a hex-editor (the file has very few blocks zero'd out) Opened the file in your FAT-X-Plorer in a Windows Server 2008 VM using vbox and extracted the files to a shared network drive Result? The XBEs came out correct (//Edit: There was junk at the end of the files) but most other files were full of zeros (100+ MB of zeros which don't exist in the decrypted BIN, so I guess this either has to do with repeating blocks or it's a bug in your FAT-X-Plorer code). So for now I'd say there is a bug in your code. I'll probably write my own tool now to load the GD-ROM ISO, decrypt and extract the files. I guess we'll know more then. Thanks for the tool anyway, it's probably a good starting point. //Edit: Yeh, either a bug in vbox, the windows network drive stuff or, most-likely, in your modification of FAT-X-Plorer. Just wrote my own tool and extracted all the files just fine. Some extra awesomeness: House of the Dead 3 videos are mpeg files which can be played using mplayer, confirms that my tool is working: I'll try to clean up the source and add some more tools, then release them together in a few days / weeks / months - whenever I find time for it
Great! I tried running a few Chihiro games on my retail Xbox, and I took some notes here: https://docs.google.com/document/d/1Np9RaveOlDZdlF72DOTsqv6bOgvMznGOFq5hZqpF6hs/edit?hl=en_US I basically figured out the same thing you did, with the Mame CHD's and the DES keys. Here's the method I used, taken from a tutorial I posted on a site that doesn't like their name put out there (PM me if your curious) Tutorial: 1. Download MAME CHD for a Chihiro Game 2. Download the Chihiro games MAME Roms (a few KB each) 3. Download DEScrypt.exe from here: http://www.mediafire.com/?galli1p0mhs2mtg 4. Download chdman from here: http://www.mediafire.com/?n7a2aneqc492ee0 5. Download ISO Buster Trial: http://www.isobuster.com/isobusterdownload.php 6. Make a new batch file and put this line in it, replacing the parts in brackets. Save the batch file, then run it afterwords.: chdman -extractcd [chd name].chd [chd name].toc [chd name].bin Example: chdman -extractcd gdx-0002b.chd gdx-0002b.toc gdx-0002b.bin 7. Open ISO Buster. Go to File -> Open Image File. Select the bin file that was extracted with chdman. 8. Right click Track 01 and click "Find missing files and folders". This will take a few minutes. 9. When that finishes, click on the fourth item under Track 01 (Crazy Taxi High Roller said "SAMPLE_GAME_TITLE [Recovered File System]"). You should now see 3 bin files listed. There will be 2 very small files and 1 large one. Right click the large one and click "Extract [filename]". Crazy Taxi HR's large file was named "CTX_AC.BIN". 10. We now have the FATX drive image, but it is encrypted. To decrypt it, we first need to get the DES key from the game's PIC dump (AKA the MAME rom). Go to http://guru.mameworld.info/naomi/index.html and the key might be there listed by the game's name. If not, we need to extract the key ourselfs (easy). For Crazy Taxi HR, the PIC file was named "317-0353-com.pic". You will need 8 bytes from it, outlined in the following image... The bytes will always be found in the same place in the PIC file, regardless of game. I spoke too soon. There are at least two different types of PIC dumps. Here's an example of how to get the key from the other type (Virtua Cop 3 uses this type, for example) 11. Make a new batch file and put this line in it, replacing the parts in brackets Save the batch file, then run it afterwords.: descrypt.exe [DES Key] [Game's large BIN file] Example: descrypt 457ADAD675D3A2CB CTX_AC.BIN 12. DESCrypt should save a new file named [Game's large BIN file].dat. This is your decrypted FATX harddrive image!
Nice work on the tutorial by the way! (even though it could be misleading in the future once we find out that some things might work different than how we expected first) I'd like to know more about these security PIC dumps too. They seem to be based on tmbincs reasearch and only contain the challenge response, however, the first dump you has seems to be a full log of the conversation. At the very top of your first dump you can see "S4T4_4O4K4" which is probably the end of response 7: "7TEST_OK". For now I'll stick to the minimalistic dumps for the PIC emulation in my emulator. I also tried emulating the SEGA LPC on my retail xbox and this seems to work. Also the RAM can be memory mapped with that technique unless the games map hardware to specific regions. I'm also collecting original xboxes now to figure out more about the chihiro. I'll probably buy a chihiro in the future, however, for now I'll just try extending memory on one xbox [resoldering or networking] and writing a bios which simply emulates the [chihiro] hardware using x86 segfaults (luckily we have cr2 ). My emulator (for non-xbox systems) also loads the chihiro roms just fine and I'm having the same errors as with retail games, so I guess chihiro emulation will happen more or less in the next 10 years. I also wrote some tools to do all of the above now, with the gdrom-iso loader being the least-complete so far. But basicly the tools allow creation of a minimalistic dummy security PIC with the proper key, extraction of the GDROM contents on track 3 [by loading an track3 iso - which is all the GDROM drive should see, so the other tracks aren't needed, hence no bin/cue loader from me], decryption and extraction of the FATX image. //Edit: Just read your docs: I'm curious how the argument passing works - is that happening in the sega specific bios parts or is this the typical launchpage stuff? Also House of the Dead 3 stopped my fans after waiting a few minutes on the black screen. However, that might be a sideeffect of launching it with XBMC and custom code still left in RAM.
First off, its great to see someone who is interested in working on Chihiro stuff! Great work. I believe the test XBE for Virtua Cop 3 is passing an argument because the text XBE is very small, and all the test menu strings are in the main XBE. I looked at the test XBE with IDA and I remember it referencing the main XBE, running a function to execute it. Oh and quick question: How does this LPC emulation you were talking about work? Since the Chihiro launcher XBE is on the media board, which has a cable hooked up to the main board's LPC port, I figured it was acting similar to a modchip, running an XBE instead of the standard BIOS. If you need any help with testing, I'd love to help you. You have much more knowledge of these kinds of things it seems.
Xbox (and Chihiro) executables are staticly linked. The Xbox flash (?) has the kernel which provides basic functionality. Video drivers / D3D, USB / OHCI / Input drivers etc. are all compiled into the games. The original Xbox dashboard also includes it's own drivers - however, they are not used by the games as it's also staticly linked. The LPC emulation works by catching segfaults in the area starting at 0x4000, then skipping the "faulty" instruction. Normally argument passing on the xbox is done by allocating a launch-data page. The launch-data page will survive a soft-reboot. So when the new executable is started the new application can get the pointer to the page and read its arguments. I'll have a look at vcop3 again myself as soon as possible. If what you are saying is true there is probably a unified way of accessing the test XBE (seeing how those I checked out are all based on the same SDK sample). //Edit: Just found a thread with screenshots on emuxtras.net. However, I had no luck getting any Chihiro executable to work on my (still 64MB) PAL Xbox (connected using composite). Most of them fail with memory access to the Sega LPC or they include invalid sections (The bios files). I'm still busy with university but will continue work in October. I plan to do lightgun integration, 128MB upgrade and possibly virtual memory then. I also have a second xbox now which works in NTSC Mode (connected using component. My other xbox won't output anything via the component output). //Edit: Got "Virtua Cop 3" working on my NTSC / Component xbox now. However, it obviously hangs on the loading screen as it is still 64MB. My lightguns (EMS TopGun 2) seem to work in the calibration screen, but not in the input test. I have also started reading some MSDN articles about the NT memory system and consider adding the memory emulator to my chihiro emulator (but that will take LOTS of time, it might not even be possible too). The biggest problem is probably how stripped the API is. I'll need PAGE_GUARDs, AWE, SEH, persistent memory (not only AV and launchdata) and the games will have to use the kernel functions. The UMA could also result in problems. The video stuff can probably be fixed rather easily too by hooking AvSetDisplayMode [which might result in wrong image regions being used though]. - So that's also on my todo list. Also, to those people at emuxtras.net: My tools *should* work with the games which did not unpack successfully with root670s tool. (http://pastebin.com/JN9FYBkq - note that this is missing some important features such as dynamic path lengths, some permission related things, time and datestamps and most importantly directories which span multiple clusters - so then again it might not work). segaboot.xbe (I previously mentioned it as "bios files") is a special xbe which has a "broken" section header (If I remember correctly it also used a different XOR Key for the entry point and kernel thunk table). It also includes the mediaboard filesystem which means that it is very unlikely that it will work.
Question Sorry if im posting in a dead thread, but ive been looking for any info regarding Wangan Midnight Maximum Tune 1 and 2, will they run on a 64mb Xbox?, has some one already tried any of them? It seems Chihiro emulation is blooming right now, so i can finally play them some day soon maybe!
This thread is not dead. - Personally I'm just very busy with university at the moment. But once that is done I'll continue work on my Chihiro emulator / loader for the xbox. Not sure about root670. I send 2 pms asking about IM and was hoping for more posts by him in this thread. At least he is still checking the forums from time to time because his last activity was only 2 days ago. It looks like root670's tool didn't extract Wangan which is why it wasn't tested by those people on emuxtras.net. However, now that a version of my tool is available this could be tested. At least Wangan 1 and 2 are both dumped, however, I wouldn't expect too much yet.
I'm heavily confused and lost. There is almost no way that I'll ever complete or even work on this again. These are my chihiro tools. As mentioned before, I also planned to work on an emulator by re-adding paging to the xbox kernel. However, it's too much work and it just didn't seem worth it. http://jannikvogel.de/
If I only have time and the knowhow... wait, I can make time and get knowhow;-) Thanks for updating, and your website, informative and interesting for me
