Hi,
I’ve been doing some reading and research about the Neo Geo MVS copy protection schemes. I am hoping someone could double check my summary below to see if I am correct, and also answer a few questions that I have (or point me to where I can find this info).
Essentially, MVS systems have three forms of copy protection: scrambling, encryption and other ASIC-based functionality. Not all games use all of them, and some use none. Scrambling refers to shuffling the data and address lines which go to the various mask ROMs in the cartridge, as well as storing the various ROM chunks in unusual ways. Encryption is exactly that; using some form of cipher to hide the content of the mask ROM. The extra ASIC functionality is varied, but it involves some sort of communication with a special chip in the cartridge. A decrypted ROM on a cartridge may not work without these special ASICs.
Some questions I have:
1. Are the data reads descrambled by the time they reach the cartridge edge connector? Or are the scrambled addresses embedded in the 68k code too?
2. Similarly, are the data reads decrypted by the time they reach the edge connector (i.e. by some ASIC)? Or is there some 68k magic?
3. Is the ASIC protection for different cartridges documented anywhere?
4. Is there a list of “correct” encrypted and decrypted ROM checksums or hashes somewhere online?
5. When people speak about decrypted *and* patched ROMs, are the patches just to remove the checks for the ASICs in the cartridge?
Thanks in advance for any pointers!