Security code: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
(Add security code from SNK official doc) |
||
| Line 4: | Line 4: | ||
There is some jsr to the security location inside the bios code but it seems to never be called (at least for the euro v2 one). | There is some jsr to the security location inside the bios code but it seems to never be called (at least for the euro v2 one). | ||
From Official SNK doc : | |||
<pre> | |||
dc.w 07600H, 04A6DH, 00A14H, 06600H | |||
dc.w 0003CH, 0206DH, 00A04H, 03E2DH | |||
dc.w 00A08H, 013C0H, 00030H, 00001H | |||
dc.w 03210H, 00C01H, 000FFH, 0671AH | |||
dc.w 03028H, 00002H, 0D02DH, 00ACEH | |||
dc.w 06610H, 03028H, 00004H, 0B02DH | |||
dc.w 00ACFH, 00606H, 0B22DH, 00AD0H | |||
dc.w 06708H, 05088H, 051CFH, 0FFD4H | |||
dc.w 03607H, 04E75H, 0206DH, 00A04H | |||
dc.w 03E2DH, 00A08H, 03210H, 0E049H | |||
dc.w 00C01H, 000FFH, 0671AH, 03010H | |||
dc.w 0B02DH, 00ACEH, 06612H, 03028H | |||
dc.w 00002H, 0E048H, 0B02DH, 00ACFH | |||
dc.w 06606H, 0B22DH, 00AD0H, 06708H | |||
dc.w 05888H, 051CFH, 0FFD8H, 03607H | |||
dc.w 04E75H | |||
</pre> | |||
From KOF96 (CD): | From KOF96 (CD): | ||
Revision as of 12:02, 24 June 2011
Pointed to by $182.
The bios will simple compare bytes per bytes this code with the one inside itself (at 0xC146A2 for the euro v2 one).
There is some jsr to the security location inside the bios code but it seems to never be called (at least for the euro v2 one).
From Official SNK doc :
dc.w 07600H, 04A6DH, 00A14H, 06600H dc.w 0003CH, 0206DH, 00A04H, 03E2DH dc.w 00A08H, 013C0H, 00030H, 00001H dc.w 03210H, 00C01H, 000FFH, 0671AH dc.w 03028H, 00002H, 0D02DH, 00ACEH dc.w 06610H, 03028H, 00004H, 0B02DH dc.w 00ACFH, 00606H, 0B22DH, 00AD0H dc.w 06708H, 05088H, 051CFH, 0FFD4H dc.w 03607H, 04E75H, 0206DH, 00A04H dc.w 03E2DH, 00A08H, 03210H, 0E049H dc.w 00C01H, 000FFH, 0671AH, 03010H dc.w 0B02DH, 00ACEH, 06612H, 03028H dc.w 00002H, 0E048H, 0B02DH, 00ACFH dc.w 06606H, 0B22DH, 00AD0H, 06708H dc.w 05888H, 051CFH, 0FFD8H, 03607H dc.w 04E75H
From KOF96 (CD):
moveq #0,d3 tst 2580(a5) ;$10FD14.w bne LAB_20F3 ; movea.l 2564(a5),a0 ;$10FD04.l move 2568(a5),d7 ;$10FD08.w LAB_20F0: move.b d0,EXT_03E5 ;watchdog move (a0),d1 cmpi.b #$FF,d1 beq.s LAB_20F1 ;skip move 2(a0),d0 cmp.b 2766(a5),d0 ;$10FDCE.b bne.s LAB_20F1 ;skip move 4(a0),d0 cmp.b 2767(a5),d0 ;$10FDCF.b bne.s LAB_20F1 ;skip cmp.b 2768(a5),d1 ;$10FDD0.b beq.s LAB_20F2 LAB_20F1: addq.l #8,a0 dbf d7,LAB_20F0 move d7,d3 LAB_20F2: rts LAB_20F3: movea.l 2564(a5),a0 ;$10FD04.l move 2568(a5),d7 ;$10FD08.w LAB_20F4: move (a0),d1 lsr #8,d1 cmpi.b #$FF,d1 beq.s LAB_20F5 ;skip move (a0),d0 cmp.b 2766(a5),d0 ;$10FDCE.b bne.s LAB_20F5 ;skip move 2(a0),d0 lsr #8,d0 cmp.b 2767(a5),d0 ;$10FDCF.b bne.s LAB_20F5 ;skip cmp.b 2768(a5),d1 ;$10FDD0.b beq.s LAB_20F6 LAB_20F5: addq.l #4,a0 dbf d7,LAB_20F4 move d7,d3 LAB_20F6: rts
From sp-s2.sp1 :
Security:
moveq #0, d3
tst.w 0xA14(a5)
bne.w loc_C146E6
movea.l 0xA04(a5), a0
move.w 0xA08(a5), d7
loc_C146B4:
move.b d0, (0x300001).l
move.w (a0), d1
cmpi.b #0xFF, d1
beq.s loc_C146DC
move.w 2(a0), d0
cmp.b 0xACE(a5), d0
bne.s loc_C146DC
move.w 4(a0), d0
cmp.b 0xACF(a5), d0
bne.s loc_C146DC
cmp.b 0xAD0(a5), d1
beq.s locret_C146E4
loc_C146DC:
addq.l #8, a0
dbf d7, loc_C146B4
move.w d7, d3
locret_C146E4:
rts
loc_C146E6:
movea.l 0xA04(a5), a0
move.w 0xA08(a5), d7
loc_C146EE:
move.w (a0), d1
lsr.w #8, d1
cmpi.b #0xFF, d1
beq.s loc_C14712
move.w (a0), d0
cmp.b 0xACE(a5), d0
bne.s loc_C14712
move.w 2(a0), d0
lsr.w #8, d0
cmp.b 0xACF(a5), d0
bne.s loc_C14712
cmp.b 0xAD0(a5), d1
beq.s locret_C1471A
loc_C14712:
addq.l #4, a0
dbf d7, loc_C146EE
move.w d7, d3
locret_C1471A:
rts