CPS2 - This weekend I was bored and ...

I happen to have a dead Marvel Super Heroes vs Street Fighter CPS2 game and I never seen a "Phoenix Edition" version of this game so I went and made my own:


For those who don't know, the sprites are at wrong positions because the changes needed to make it work on the real hardware cause the program to write data at wrong offsets. Causing that effect on the emulator.

Was quite a challenge figure out how to split the data from code but once I figured out how to do that it was easy-peasy. :thumbsup:


P.S.: This post contains no copyrighted code.

 

I have no idear what you have really done but i like it so the pcb was broken and now it works. do save lots of $ buying busted pcbs and then fixing them up for yourself .

 

The hacked ROM writes graphic data to different I/O addresses on the 68000 memory space (to allow it work on the no battery board) but the emulator I used for testing (Nebula) expect it to be a regular ROM writing to the proper memory, hence the wrong graphics.

A "Phoenix edition" ROM would do the exact same thing on emulators.

I finally took my time to download mame sources (mame supports the memory map for dead boards) and added it to mame database.

It works on Mame with correct graphics if it's identified as "Phoenix edition"/"Bootleg" :thumbsup:


Now only need to test on the real thing... (But then I expect it to have extra protections still in need of hack :evil

Update:

Plays on the real hardware but need some more work (see the second picture)

 

Whats wrong l_oliveira thats normal looking for one of my pcb games
nothing is wrong.;-)




:gravedigging: another pcb and this one i didn't even touch.

 

Turns out there was nothing wrong with my hacked ROMs.

There were wrong settings on the board configuration jumpers (I've been playing with game swapping in it so I had it configured for EPROMS, :evil: so I undid the original ROM jumper settings)

Now I've fixed the jumpers and the game screen look like this:

 

Awesome its so good to know when your CPS2 dies it is possible to bring it back to life!

I have a phoenix of this and a regular one, also same for Marvel Super heroes v SF

 

I have a Japanese MSH Vs SF I bought that was dead and sent off to Razoola to get it Phoenixed. Curious, how did you go about the hack? Do you have an emulator setup to log Code/Data access as well as the necessary RAM or Register accesses that needed to be changed? I always guessed that is what Razoola has, a custom MAME build that does certain work automatically like the code/data separation. If you can share any details that would be appreciated.

 

Have you ever tried to compare two CPS2 roms of the same game/revision with mismatching regions, while encrypted ?


Take a look at the attached picture and judge by yourself...

Picture contains the 68000 interrupt vector table for the game Pocket fighter, pictured are the region which isn't encrypted. initial values of SP and PC are the first four bytes of the file. Non-encrypted data will match on both files. By logging where the original encrypted ROMS are equal (using a 16 bit compare algorithm) I can "punch holes" on a XOR file I generated from a DASM list of the decrypted ROM (using MAME with debugger) along with the original ROM file and then after I have the said XOR file with the proper "holes" (areas on the original ROM that contain data are zeroed out on my modified XOR). I only need to apply another XOR operation to the original file and my modified XOR to obtain a perfect, unencrypted dump.

Pretty slick, huh ? :lol:

Saves time for games that multiple regions under the same revision do exist. But then if you think of games like "Quiz Nanairo Dreams - Nijiirochō no Kiseki" which only one region exists, it's impossible to apply this method. So heavy analysis of the ROM may be necessary.

 

I bow to your greatness!

You are awesome personified

 

Most of the Phoenix images are in mame, although Raz asked for them to be removed, they are still there.

Get yourself the right emprom programmer and you can do it yourself.

 

Very cool work. Can you explain in a little more detail how you modified the program roms to write to different addresses?

 

This:

As per instructions given by Razoola himself on CPS2shock, you need to patch the RAM test code so the game gets to boot (He didn't mention this explicitly but said that you need to modify the game to not touch the last few bytes of the RAM), then you patch the sprites/objects drawing routines (the bunch of move instructions changed from the 0x040000x range) to point at that range so the graphics get drawn on the screen at the right places. :shrug:

The game in question is Street Fighter ZERO 3 (980629)


And relax, on the real thing the graphics are just fine:



Also there's some changes on the 04 file but they're of the same nature as the ones on the 03 file (which is the "meat" and "bones" of the game code, basically). The other eproms contain A.I. data, data tables for building the characters, backgrounds and tons of text on the game language (this game has an specific version of the romset for each region so no multiple text versions on a single romset exist...)

 

I can confirm l_olivera's information is accurate, I've tested this method on real hardware and it does indeed work nicely.

 

Two new hacked games:

Night Warriors (BRAZIL 950403)




Vampire Savior (Japan 970913)
Well I would do a different version if there were any as Raz done this one already but I wanted the original version without the phoenix stuff... :shrug:






Nebula isn't the most stable emulator around but it allows me to "preview" the game and see if it's working. It's INI based which allows me to use it as a testing platform.

Mame is good when I need an debugger to do stuff such as fix the ROM checksums on the self test program.

Oh and Vampire Savior was a BITCH to convert because there's no "clone set" with different encryption keys to employ the differences trick with. :shrug:


If one's wondering about the randomness of the games I'm working with, I'm repairing the boards as I obtain them. Instead of simply erasing ALL EPROMS and burning RAZ patched Phoenix roms, I prefer to do the hard work myself and have to screw around one or two eproms of the game.. :lol:

 

Great stuff:thumbsup:. I'd be doing the same to my games if I could figure out how to do it :banghead:. I don't like the extra splash screen and jukebox. I think they should be as close to original as possible:nod:. Thanks for sharing your info, maybe I'll get my head around it one day too.

 

One thing I could not help with was about vampire savior, when I compared the fully decrypted rom (original unpatched Capcom code) against Raz's romset and there were arbitrary changes on game code and even some data on ROM 05 and 08 (These two don't contain any code only DATA) were manipulated and atm I have no idea what is the purpose of it.

One thing I noticed with the Phoenix edition version of Pocket Fighter is that the AI is dumber than it's supposed to be. I wonder what effect the changes Raz made on Vampire Savior 2 are about ...

And dumber AI have nothing to do with decryption, it's more about wrong decryption or an deliberate manipulation of the game code to (I believe) make it identifiable in case it's on a game center. :shrug:

I don't like that idea and that's why I'm doing it myself... lol

My copy of Pocket Fighter seems to play exactly the same as the original one with the encryption enabled...

 

Some code changed may have been made to enable or use easier certain hidden or secret levels/characters I guess. I do like what you are doing as making minimal changes just to get the game to function again on a dead board is what most people want. Building an archive of CPS2 games that are decrypted and have had the minimal changes made and are verified working is a great thing to do. Although it would be neat if someday someone figures out how you reprogram the decryption data so you could put a new battery in and reload the decryption data since most if not all games have known key data now.

 

;-)

 

That's a nice blurry PCB picture. Do I print it out and wave it over dead CPS2 boards like a wand to revive them?