Difference between revisions of "Mega Drive Unlicensed Game Emulation Notes"

From Sega Retro

(added Thunderbolt II, Hei Tao 2: Super Big 2, added details for 16 Zhang Ma Jiang and 777 Casino)
 
(46 intermediate revisions by one other user not shown)
Line 1: Line 1:
 
:''TODO: Is there a better category? And I have to add everything =P (plus ROM addresses, SRAM specifics, etc.)''
 
:''TODO: Is there a better category? And I have to add everything =P (plus ROM addresses, SRAM specifics, etc.)''
Unlike official Mega Drive games, unlicensed games usually have copy protection schemes, SRAM mapping oddities, or other hardware quirks that emulator authors should take note of if they want their emulators to work with these games. sha1sums of dumps to watch out for are given.
+
Unlike official Mega Drive games, unlicensed games usually have copy protection schemes, SRAM mapping oddities, or other hardware quirks that emulator authors should take note of if they want their emulators to work with these games. sha1sums of dumps to watch out for are given; '''make sure to only apply the changes on the listed sha1sums!''' Some modifications, such as the present dump of ''[[Jiu Ji Ma Jiang II: Ye Yan Bian]]'', may not react kindly to these custom modifications (in this particular case, the register check's conditional branches are ''reversed'', meaning the game will fail if the registers match); in other cases (as with many ROMs marked [f] in the [[GoodGen]] set), the changes are simply not needed.
  
 
Note that at present, no unlicensed game is known to use Sega's standard checksum routine, so checksum fixing should NOT be done to these games (especially since some, for example ''[[Aq Renkan Awa]]'', are known to store code at $18E).
 
Note that at present, no unlicensed game is known to use Sega's standard checksum routine, so checksum fixing should NOT be done to these games (especially since some, for example ''[[Aq Renkan Awa]]'', are known to store code at $18E).
 +
 +
==Checklist for keeping track of what I'm doing==
 +
To be edited as time goes on. .gen is from GoodGen and .md is from no-intro, with the no-intro names taking precedence (I'll take care of that later)
 +
<pre>12-in-1 (Unl) [!].gen
 +
16 Tiles Mahjong (Unl) [b1].gen
 +
16 Tiles Mahjong (Unl).gen
 +
16 Tiles Mahjong (Unl) [h1C].gen
 +
777 Casino (Unl).gen
 +
777 Casino (Unl) [h1C].gen
 +
777 Casino (Unl) [h2C].gen
 +
Action 52 (Unl) [a1][!].gen
 +
Action 52 (Unl) [b1].gen
 +
Action 52 (Unl) [b2].gen
 +
Action 52 (Unl) [!].gen
 +
Action 52 (Unl) [h1C].gen
 +
Action 52 (Unl) [h2C].gen
 +
Action 52 (Unl) [h3C].gen
 +
Action Replay (Unl) [!].gen
 +
Aladdin II (Unl).gen
 +
Aq Renkan Awa (Unl).gen
 +
Barver Battle Saga - The Space Fighter (Ch) [a1].gen
 +
Barver Battle Saga - The Space Fighter (Ch).gen
 +
Barver Battle Saga - The Space Fighter (V0.9) (Ch).gen
 +
Bible Adventures (Unl) [!].gen
 +
Bible Adventures (Unl) [h1C].gen
 +
Bug's Life, A (Unl) [f1].gen
 +
Bug's Life, A (Unl) [f2].gen
 +
Bug's Life, A (Unl) [!].gen
 +
Bug's Life, A (Unl) [h1C].gen
 +
CDX Pro BIOS V1.70 (Unl) [b1].gen
 +
CDX Pro BIOS V1.8I (Unl).gen
 +
CDX Pro BIOS V1.8I (Unl) [o1].gen
 +
Chaoji Dafuweng (Unl) [!].gen
 +
Chess (Unl) [!].gen
 +
Chinese Chess (Unl) [b1].gen
 +
Chinese Chess (Unl).gen
 +
Conquering the World III (Ch-Simple).gen
 +
Conquering the World III (Ch-Trad).gen
 +
Devilish Mahjong Tower (Unl) [b1].gen
 +
Devilish Mahjong Tower (Unl) [b2].gen
 +
Devilish Mahjong Tower (Unl) [b3].gen
 +
Devilish Mahjong Tower (Unl).gen
 +
Dial Q o Mawase! (Unl).gen
 +
Dial Q o Mawase! (Unl) [h1C].gen
 +
Dial Q o Mawase! (Unl) [T+Chi].gen
 +
Divine Sealing (Unl) [!].gen
 +
Divine Sealing (Unl) [h1C].gen
 +
Divine Sealing (Unl) [h2C].gen
 +
Domino (Unl).gen
 +
Earth Defend, The (Unl) [b1].gen - not sure what happened here
 +
Elf Wor (Unl) [h1C].gen - this is a header hack so still needs the copy protection; IDK if I should throw it in...
 +
Exodus (Unl) [!].gen
 +
Fengshen Yingjiechuan (Ch).gen
 +
Fido Dido (Unl) [b1].gen
 +
Fido Dido (Unl).gen
 +
FIFA Soccer 2000 Gold Edition (Unl) (M6) [!].gen
 +
Fun Car Rally (Unl) [b1].gen
 +
Fun Car Rally (Unl).gen
 +
Fun Car Rally (Unl) [h1C].gen
 +
Fun Car Rally (Unl) [h2C].gen
 +
Futbol Argentino 98 - Pasion de Multitudes (Unl).gen
 +
Gamtec Magicard (Unl) [!].gen
 +
Ghost Hunter (Unl) [b1+C].gen
 +
Ghost Hunter (Unl) [b1].gen
 +
Ghost Hunter (Unl) [b2].gen
 +
Ghost Hunter (Unl).gen
 +
Hercules 2 (Unl).gen
 +
Hercules (Unl) [!].gen - hack of [[Dahna Megami Tanjou]]; should see if we can find out if it's a Glorysun game or not
 +
Iraq War 2003 (Unl).gen
 +
Joshua & the Battle of Jericho (Unl) [!].gen
 +
King of Fighters '98, The (Unl) [!].gen
 +
King of Fighters '98, The (Unl) [p1][!].gen
 +
Link Dragon (Unl).gen
 +
Link Dragon (Unl) [h1C].gen
 +
Lion King 3 (Unl) [f1].gen
 +
Lion King 3 (Unl).gen
 +
Lion King II, The (Unl) [!].gen
 +
Lion King II, The (Unl) [p1][!].gen
 +
Magic Girl (Unl) [!].gen
 +
Magic Girl (Unl) [h1C].gen
 +
Magic Girl (Unl) [t1].gen
 +
Mahjong Lover (Unl) [!].gen
 +
Mega Bomberman - 8 Player Demo (Unl).gen
 +
Mega Bomberman - 8 Player Demo (Unl) [h1C].gen
 +
Mega Bomberman - 8 Player Demo (Unl) [h2C].gen
 +
Mega Bomberman - 8 Player Demo (Unl) [h3C].gen
 +
MK 5 - Mortal Combat - SubZero (Unl) [!].gen
 +
MK 5 - Mortal Combat - SubZero (Unl) [p1][!].gen
 +
Mulan (Unl) [f1].gen
 +
Mulan (Unl) [f2].gen
 +
Mulan (Unl) [!].gen
 +
Pocket Monsters 2 (Unl) [f1].gen
 +
Pocket Monsters 2 (Unl) [!].gen
 +
Pocket Monsters (Unl) [a1][f1].gen
 +
Pocket Monsters (Unl) [a1][!].gen
 +
Pocket Monsters (Unl) [f1].gen
 +
Pocket Monsters (Unl) [!].gen
 +
Pokemon Crazy Drummer (Unl).gen
 +
Pretty Girl Mahjongg (Ch).gen
 +
Pretty Girl Mahjongg (Ch) [h1C].gen
 +
Pretty Girl Mahjongg (Ch) [h2C].gen
 +
Pro Action Replay 2 V2.1 (Unl) [!].gen
 +
Pro Action Replay (Unl) [!].gen
 +
Rockman X3 (Unl) [b1].gen
 +
Rockman X3 (Unl) [b2].gen
 +
Rockman X3 (Unl) [f1].gen
 +
Rockman X3 (Unl) [!].gen
 +
Romance of the Three Kingdoms Part 5 (Ch).gen
 +
Sangokushi Retsuden (Ch).gen
 +
Sangokushi Retsuden (Ch) [h1C].gen
 +
Sangokushi Retsuden (Ch) [h2C].gen
 +
Sega Subor System Cartridge (Unl).gen
 +
Smart Mouse (Unl) [h1C].gen - this is a header hack so still needs the copy protection; IDK if I should throw it in...
 +
Sonic Jam 6 (Unl) [f1].gen
 +
Sonic Jam 6 (Unl) [f1][o1].gen
 +
Sonic Jam 6 (Unl) [f2].gen
 +
Sonic Jam 6 (Unl) [!].gen
 +
Sonic Jam 6 (Unl) [p1][!].gen
 +
Soul Blade (Unl) [!].gen
 +
Spiritual Warfare (Unl) [!].gen
 +
Spiritual Warfare (Unl) [h1C].gen
 +
Spiritual Warfare (Unl) [h2C].gen
 +
Super Chinese Tycoon (Unl) [f1].gen
 +
Super Donkey Kong 99 (Unl) [f1].gen
 +
Super Donkey Kong 99 (Unl) [!].gen
 +
Super Donkey Kong 99 (Unl) [h1C].gen
 +
Super King Kong 99 (Unl) [!].gen
 +
Super Mario 2 1998 (Unl) [f1].gen
 +
Super Mario 2 1998 (Unl) [!].gen
 +
Super Mario 2 1998 (Unl) [o1][f1].gen
 +
Super Mario 2 1998 (Unl) [o1].gen
 +
Super Mario Bros. (Unl) [f1].gen
 +
Super Mario Bros. (Unl) [!].gen
 +
Super Mario World (Unl) [f1].gen
 +
Super Mario World (Unl) [!].gen
 +
Super Mario World (Unl) [p1][!].gen
 +
Taiwan Tycoon (Unl) [b1].gen
 +
Taiwan Tycoon (Unl).gen
 +
Tekken 3 Special (Unl).gen
 +
Tiger Hunter Hero Novel (Ch).gen
 +
Top Fighter 2000 MK VIII (Unl) [f1].gen
 +
Top Fighter 2000 MK VIII (Unl) [!].gen
 +
Top Shooter (Unl).gen
 +
TotoTek Multi-Game Menu V1.00 (Unl).gen
 +
Unknown Chinese Game 1 (Ch).gen - Feng Shen Ying Jie Chuan; not sure if different
 +
Unknown Chinese Game 2 (Ch).gen - Shui Hu Zhuan; not sure if different
 +
Virtua Fighter 2 vs Tekken 2 (Unl) [b1].gen
 +
Virtua Fighter 2 vs Tekken 2 (Unl) [b2].gen
 +
Virtua Fighter 2 vs Tekken 2 (Unl).gen
 +
Virtua Fighter 2 vs Tekken 2 (Unl) [h1C].gen
 +
World Pro Baseball 94 (Unl).gen
 +
Yang Warrior Family, The (Ch).gen
 +
 +
 +
16 Zhang Ma Jiang (China) (Unl).md
 +
Action 52 (USA) (Alt) (Unl).md
 +
Action 52 (USA) (Unl).md
 +
Adventurous Boy - Mao Xian Xiao Zi (China) (Unl).md
 +
Aq Renkan Awa (China) (Unl).md
 +
Barver Battle Saga - Tai Kong Zhan Shi (China) (Unl).md
 +
Bible Adventures (USA) (Unl).md
 +
Chao Ji Da Fu Weng (China) (Unl).md
 +
Dial Q o Mawase! (Japan) (Unl).md
 +
Divine Sealing (Japan) (Unl).md
 +
Exodus - Journey to the Promised Land (USA) (Unl).md
 +
Feng Kuang Tao Hua Yuan (China) (Unl).md
 +
Feng Shen Ying Jie Chuan (China) (Unl).md
 +
Hei Tao 2 - Super Big 2 (China) (Unl).md
 +
Hua Mu Lan - Mulan (China) (Unl).md
 +
Jiu Ji Ma Jiang II - Ye Yan Bian (China) (Unl).md
 +
Joshua & The Battle of Jericho (USA) (Unl).md
 +
Long (China) (Unl).md
 +
Ma Jiang Qing Ren - Ji Ma Jiang Zhi (China) (Unl).md
 +
Ma Qiao E Mo Ta - Devilish Mahjong Tower (China) (Unl).md
 +
Meng Huan Shui Guo Pan - 777 Casino (China) (Unl).md
 +
San Guo Zhi V (China) (Unl).md
 +
Shi Jie Zhi Bang Zheng Ba Zhan - World Pro Baseball 94 (China) (Unl).md
 +
Shui Hu - Feng Yun Zhuan (China) (Unl).md
 +
Shui Hu Zhuan (China) (Unl).md
 +
Spiritual Warfare (USA) (Unl).md
 +
Squirrel King (China) (Unl).md
 +
Taiwan Daheng (China) (Unl).md
 +
Tun Shi Tian Di III (China) (Simple Chinese) (Unl).md
 +
Tun Shi Tian Di III (China) (Unl).md
 +
Wu Kong Wai Zhuan (China) (Unl).md
 +
Xiao Monv - Magic Girl (China) (Unl).md
 +
Yang Jia Jiang - Yang Warrior Family (China) (Unl).md
 +
Zhuo Gui Da Shi - Ghost Hunter (China) (Unl).md</pre>
  
 
==Games With Constant-Value Hardware Registers==
 
==Games With Constant-Value Hardware Registers==
 
:''TODO many, many, many more''
 
:''TODO many, many, many more''
 +
:''TODO perhaps this section should be changed to include the phrase "MD Compatible" (with quotes) as Creaton Softech's Ma Jiang Qing Ren: Ji Ma Jiang Zhi, though it uses a similar method, has different registers''
 
A large number of unlicensed games merely read various constant '''byte''' values stored at specific addresses in the $400000 region as copy protection.
 
A large number of unlicensed games merely read various constant '''byte''' values stored at specific addresses in the $400000 region as copy protection.
  
Line 17: Line 206:
 
! $400006
 
! $400006
 
! On Failure
 
! On Failure
 +
|-
 +
|[[16 Zhang Ma Jiang]]
 +
|7857c797245b52641a3d1d4512089bccb0ed5359
 +
|
 +
|$AA (word read; $400003 ignored)
 +
|
 +
|$F0 (word read; $400007 ignored)
 +
|
 +
*$400002: check at $18EA causes a game over at the end of the round
 +
*$400006: check at $15D4 skips code after putting a tile, affects CPU player?
 
|-
 
|-
 
|[[Elf Wor]]
 
|[[Elf Wor]]
|
+
|5fc4591fbb1acc64e184466c7b6287c7f64e0b7a
 
|$55
 
|$55
 
|$F
 
|$F
Line 26: Line 225:
 
|-
 
|-
 
|[[Huan Le Tao Qi Shu: Smart Mouse]]
 
|[[Huan Le Tao Qi Shu: Smart Mouse]]
|''TODO''
+
|df7a2527875317406b466175f0614d343dd32117
 
|$55
 
|$55
 
|$F
 
|$F
Line 33: Line 232:
 
|The game will fade to black and freeze several seconds into gameplay. Check is at ROM $8BC.
 
|The game will fade to black and freeze several seconds into gameplay. Check is at ROM $8BC.
 
|-
 
|-
| [[Mighty Morphin' Power Rangers: The Fighting Edition]]
+
|[[Hei Tao 2: Super Big 2]]
| 25d2d6a5ab20e16b8b42b67e5fb338421b64b29b
+
|e1e4c439c5c22fa5cfcecaab421c55bf1746b5de
 +
|$55
 +
| colspan="3"|Read by Z80, written to 68k RAM after winning the 8th match
 +
|Z80 will try to overwrite RAM when winning the 8th (last?) match, crashing the game.
 +
|-
 +
|[[Meng Huan Shui Guo Pan: 777 Casino]]
 +
|df20a28d03a2cd481af134ef7602062636c3cc79
 +
|$55 or $63
 +
| colspan="3"|Read by Z80, but appear to be unused on either side (TODO)
 +
|Z80 will try to overwrite RAM when playing the town theme the 3rd time, which will cause breakage and make the player unable to move.
 +
|-
 +
|[[Mighty Morphin' Power Rangers: The Fighting Edition]]
 +
|25d2d6a5ab20e16b8b42b67e5fb338421b64b29b
 
|$55
 
|$55
 
|$F
 
|$F
|
+
|$C9 (TODO will $AA work too?)
 
|$18
 
|$18
 
|-
 
|-
Line 47: Line 258:
 
|
 
|
 
|It will play a high-pitched beeping sound and refuse to go past the beginning of the title screen. This check is at ROM $123E4.
 
|It will play a high-pitched beeping sound and refuse to go past the beginning of the title screen. This check is at ROM $123E4.
 +
|-
 +
|[[Thunderbolt II]]
 +
|3dca68795b6c9a16cafa5e71218d5ce83aa465fc
 +
|$55
 +
|
 +
|
 +
|$F0
 +
|
 +
*Fail with $400000: It tries to show credits screen instead of playing title music. (Graphics are broken due to the title screen animation continuing to run.)
 +
*Fail with $400006: Player dies on the second hit and goes game over.
 +
*Due to the game copying the values to RAM and checking them later, these PAR codes can defeat the copy protection: FF0082:5500, FF007E:F000
 +
*related ROM locations are: $0003D6, $000B5E, $000468, $007114
 +
|-
 +
|[[Ya Se Chuan Shuo]]
 +
|
 +
*"Imperial Dynasty" version: presently undumped
 +
*"The Legend of Arthur" version: 8fe0806427e123717ba20478ab1410c25fa942e6
 +
|$63
 +
|$98
 +
|$C9
 +
|$18
 +
|Major sound failure; some unknown 68000-side effects too
 
|-
 
|-
 
|}
 
|}
  
 
===Additional Game Specifics===
 
===Additional Game Specifics===
 +
====[[Elf Wor]]====
 +
The game checksums the two that do the copy protection check and will refuse to boot if the checksums do not match:
 +
<pre>ROM:000003EC                lea    ($5166).l,a0    ; what this routine does is presently unknown (TODO)
 +
ROM:000003F2                move.w  #$2FF,d7
 +
ROM:000003F6                move.w  #0,d0
 +
ROM:000003FA
 +
ROM:000003FA loc_3FA:                                ; CODE XREF: ROM:000003FC�j
 +
ROM:000003FA                add.b  (a0)+,d0
 +
ROM:000003FC                dbf    d7,loc_3FA
 +
ROM:00000400                cmpi.b  #$5E,d0
 +
ROM:00000404                beq.w  loc_40E        ; next check
 +
ROM:00000408                jmp    (loc_300).l    ; back to entry point == no boot
 +
ROM:0000040E ; ---------------------------------------------------------------------------
 +
ROM:0000040E
 +
ROM:0000040E loc_40E:                                ; CODE XREF: ROM:00000404�j
 +
ROM:0000040E                lea    ($1AAE).l,a0    ; this is the player event handling routine
 +
ROM:00000414                move.w  #$1FF,d7
 +
ROM:00000418                move.w  #0,d0
 +
ROM:0000041C
 +
ROM:0000041C loc_41C:                                ; CODE XREF: ROM:0000041E�j
 +
ROM:0000041C                add.b  (a0)+,d0
 +
ROM:0000041E                dbf    d7,loc_41C
 +
ROM:00000422                cmpi.b  #$94,d0
 +
ROM:00000426                beq.w  sub_430        ; boot!
 +
ROM:0000042A                jmp    (loc_300).l    ; back to entry point == no boot</pre>
 +
 
====[[Mighty Morphin' Power Rangers: The Fighting Edition]]====
 
====[[Mighty Morphin' Power Rangers: The Fighting Edition]]====
(TODO cleanup this part) According to Eke, author of [[Genesis Plus GX]]:
+
As with Elf Wor, there are routines to checksum the routines that do the copy protection:
<pre>00065D2E:6000 ; bypass a first check
+
<pre>ROM:000693B6 ; =============== S U B R O U T I N E =======================================
00065D3A:070A ; fixes internal checksum so it matches original value
+
ROM:000693B6
 +
ROM:000693B6
 +
ROM:000693B6 sub_693B6:                              ; CODE XREF: sub_65AA2+3AE�p
 +
ROM:000693B6                cmpi.w  #$14,($FF064A).l
 +
ROM:000693BE                bne.w  locret_693EA
 +
ROM:000693C2                lea    (loc_661DE).l,a3
 +
ROM:000693C8                clr.l  d0
 +
ROM:000693CA                moveq  #$1A,d1
 +
ROM:000693CC
 +
ROM:000693CC loc_693CC:                              ; CODE XREF: sub_693B6+18�j
 +
ROM:000693CC                add.w  (a3)+,d0
 +
ROM:000693CE                dbf    d1,loc_693CC
 +
ROM:000693D2                cmpi.w  #$46D2,d0
 +
ROM:000693D6                beq.w  locret_693EA
 +
ROM:000693DA                move.w  #$EEEF,($FF020A).l ; on failure, this happens; not sure what the effect is
 +
ROM:000693E2                move.w  #$EEEF,($FF040A).l
 +
ROM:000693EA
 +
ROM:000693EA locret_693EA:                          ; CODE XREF: sub_693B6+8�j
 +
ROM:000693EA                                        ; sub_693B6+20�j
 +
ROM:000693EA                rts
 +
ROM:000693EA ; End of function sub_693B6
 +
ROM:000693EA
 +
ROM:000693EA ; ---------------------------------------------------------------------------</pre>
  
000661FC:6000 ; bypass a second check
+
Furthermore, at $65DD4, some code is copied to ROM space to (presumably) cause the game to reboot. This is designed to thwart copiers who run games off RAM mapped where the ROM would be.
00066208:070A ; fixes internal checksum so it matches original value </pre>
 
  
Additionally there's a routine that overwrites ROM to thwart copiers (TODO)
+
(TODO cleanup this part) According to Eke, author of [[Genesis Plus GX]]:
 +
<pre>00065D3A:070A ; fixes internal checksum so it matches original value </pre>TODO find out where this other internal checksum is checked
  
 
====[[Super Bubble Bobble MD]]====
 
====[[Super Bubble Bobble MD]]====
Line 65: Line 346:
  
 
==Games That Use Mirrored Memory For Copy Protection==
 
==Games That Use Mirrored Memory For Copy Protection==
:''TODO not as many: Tiny Toon Adventures 3, Barver Battle Saga, Shui Hu Zhuan, Feng Shen Whatchamacallit are the only four I know of so far''
+
:''TODO not as many: Tiny Toon Adventures 3, Barver Battle Saga, Shui Hu Zhuan, Feng Shen Ying Jie Chuan, and Squirrel King are the only five I know of so far''
Some games store memory instead of constant values at the $400000 area, writing '''byte''' values to one address and expecting to read them back from a different address.
+
Some games store memory instead of constant values at the $400000 area, writing '''byte''' values to one address and expecting to read them back from a different address. While each game uses different pairs of addresses (some even switching between pairs), all of them will still work if the expected value is read back from all addresses, which would be the safest option for emulator authors.
 
 
{| class="prettytable"
 
|-
 
! Game
 
! sha1sum
 
! Write To
 
! Read From
 
! On Failure
 
|-
 
|}
 
  
 
===Additional Game Specifics===
 
===Additional Game Specifics===
Line 82: Line 353:
 
==Games With [[Rockman X3]]-style ROM Banking==
 
==Games With [[Rockman X3]]-style ROM Banking==
 
:''TODO this one will hurt''
 
:''TODO this one will hurt''
 +
 +
==Games With [[Super Donkey Kong  99]]-style ROM Banking==
 +
:''TODO so will this''
  
 
==All [[Realtec]] Games==
 
==All [[Realtec]] Games==
Line 102: Line 376:
 
Affected ROMs:
 
Affected ROMs:
 
*[[Xin Qi Gai Wang Zi]]: presently undumped
 
*[[Xin Qi Gai Wang Zi]]: presently undumped
*Dumps of pirate versions: ''TODO''
+
*Dumps of pirate versions: 75f8003a6388814c1880347882b244549da62158, 4a7494d8601149f43ba7e3595a0b2340cde2e9ba
 
The game is 4MB storing SRAM above the $400000 mark. (TODO get specifics)
 
The game is 4MB storing SRAM above the $400000 mark. (TODO get specifics)
 
==[[Ya Se Chuan Shuo]]==
 
Affected ROMs:
 
*"Imperial Dynasty" version: presently undumped
 
*"The Legend of Arthur" version: 8fe0806427e123717ba20478ab1410c25fa942e6
 
The [[Data East]]/[[Side Pocket]] driver stolen from ''[[High Seas Havoc]]'' used in this game is slightly modified; an add from Z80 RAM to a register (TODO) is used. If this instruction is not emulated correctly, the play song routine will load invalid music and eventually crash.
 
 
Furthermore, the Z80 sound driver presumably expects that the uppermost 32KB of ROM (from $1F8000) be mirrored at $400000. This needs to be confirmed.
 
  
 
[[Category:Emulation]]
 
[[Category:Emulation]]

Latest revision as of 13:12, 1 August 2016

TODO: Is there a better category? And I have to add everything =P (plus ROM addresses, SRAM specifics, etc.)

Unlike official Mega Drive games, unlicensed games usually have copy protection schemes, SRAM mapping oddities, or other hardware quirks that emulator authors should take note of if they want their emulators to work with these games. sha1sums of dumps to watch out for are given; make sure to only apply the changes on the listed sha1sums! Some modifications, such as the present dump of Jiu Ji Ma Jiang II: Ye Yan Bian, may not react kindly to these custom modifications (in this particular case, the register check's conditional branches are reversed, meaning the game will fail if the registers match); in other cases (as with many ROMs marked [f] in the GoodGen set), the changes are simply not needed.

Note that at present, no unlicensed game is known to use Sega's standard checksum routine, so checksum fixing should NOT be done to these games (especially since some, for example Aq Renkan Awa, are known to store code at $18E).

Checklist for keeping track of what I'm doing

To be edited as time goes on. .gen is from GoodGen and .md is from no-intro, with the no-intro names taking precedence (I'll take care of that later)

12-in-1 (Unl) [!].gen
16 Tiles Mahjong (Unl) [b1].gen
16 Tiles Mahjong (Unl).gen
16 Tiles Mahjong (Unl) [h1C].gen
777 Casino (Unl).gen
777 Casino (Unl) [h1C].gen
777 Casino (Unl) [h2C].gen
Action 52 (Unl) [a1][!].gen
Action 52 (Unl) [b1].gen
Action 52 (Unl) [b2].gen
Action 52 (Unl) [!].gen
Action 52 (Unl) [h1C].gen
Action 52 (Unl) [h2C].gen
Action 52 (Unl) [h3C].gen
Action Replay (Unl) [!].gen
Aladdin II (Unl).gen
Aq Renkan Awa (Unl).gen
Barver Battle Saga - The Space Fighter (Ch) [a1].gen
Barver Battle Saga - The Space Fighter (Ch).gen
Barver Battle Saga - The Space Fighter (V0.9) (Ch).gen
Bible Adventures (Unl) [!].gen
Bible Adventures (Unl) [h1C].gen
Bug's Life, A (Unl) [f1].gen
Bug's Life, A (Unl) [f2].gen
Bug's Life, A (Unl) [!].gen
Bug's Life, A (Unl) [h1C].gen
CDX Pro BIOS V1.70 (Unl) [b1].gen
CDX Pro BIOS V1.8I (Unl).gen
CDX Pro BIOS V1.8I (Unl) [o1].gen
Chaoji Dafuweng (Unl) [!].gen
Chess (Unl) [!].gen
Chinese Chess (Unl) [b1].gen
Chinese Chess (Unl).gen
Conquering the World III (Ch-Simple).gen
Conquering the World III (Ch-Trad).gen
Devilish Mahjong Tower (Unl) [b1].gen
Devilish Mahjong Tower (Unl) [b2].gen
Devilish Mahjong Tower (Unl) [b3].gen
Devilish Mahjong Tower (Unl).gen
Dial Q o Mawase! (Unl).gen
Dial Q o Mawase! (Unl) [h1C].gen
Dial Q o Mawase! (Unl) [T+Chi].gen
Divine Sealing (Unl) [!].gen
Divine Sealing (Unl) [h1C].gen
Divine Sealing (Unl) [h2C].gen
Domino (Unl).gen
Earth Defend, The (Unl) [b1].gen - not sure what happened here
Elf Wor (Unl) [h1C].gen - this is a header hack so still needs the copy protection; IDK if I should throw it in...
Exodus (Unl) [!].gen
Fengshen Yingjiechuan (Ch).gen
Fido Dido (Unl) [b1].gen
Fido Dido (Unl).gen
FIFA Soccer 2000 Gold Edition (Unl) (M6) [!].gen
Fun Car Rally (Unl) [b1].gen
Fun Car Rally (Unl).gen
Fun Car Rally (Unl) [h1C].gen
Fun Car Rally (Unl) [h2C].gen
Futbol Argentino 98 - Pasion de Multitudes (Unl).gen
Gamtec Magicard (Unl) [!].gen
Ghost Hunter (Unl) [b1+C].gen
Ghost Hunter (Unl) [b1].gen
Ghost Hunter (Unl) [b2].gen
Ghost Hunter (Unl).gen
Hercules 2 (Unl).gen
Hercules (Unl) [!].gen - hack of [[Dahna Megami Tanjou]]; should see if we can find out if it's a Glorysun game or not
Iraq War 2003 (Unl).gen
Joshua & the Battle of Jericho (Unl) [!].gen
King of Fighters '98, The (Unl) [!].gen
King of Fighters '98, The (Unl) [p1][!].gen
Link Dragon (Unl).gen
Link Dragon (Unl) [h1C].gen
Lion King 3 (Unl) [f1].gen
Lion King 3 (Unl).gen
Lion King II, The (Unl) [!].gen
Lion King II, The (Unl) [p1][!].gen
Magic Girl (Unl) [!].gen
Magic Girl (Unl) [h1C].gen
Magic Girl (Unl) [t1].gen
Mahjong Lover (Unl) [!].gen
Mega Bomberman - 8 Player Demo (Unl).gen
Mega Bomberman - 8 Player Demo (Unl) [h1C].gen
Mega Bomberman - 8 Player Demo (Unl) [h2C].gen
Mega Bomberman - 8 Player Demo (Unl) [h3C].gen
MK 5 - Mortal Combat - SubZero (Unl) [!].gen
MK 5 - Mortal Combat - SubZero (Unl) [p1][!].gen
Mulan (Unl) [f1].gen
Mulan (Unl) [f2].gen
Mulan (Unl) [!].gen
Pocket Monsters 2 (Unl) [f1].gen
Pocket Monsters 2 (Unl) [!].gen
Pocket Monsters (Unl) [a1][f1].gen
Pocket Monsters (Unl) [a1][!].gen
Pocket Monsters (Unl) [f1].gen
Pocket Monsters (Unl) [!].gen
Pokemon Crazy Drummer (Unl).gen
Pretty Girl Mahjongg (Ch).gen
Pretty Girl Mahjongg (Ch) [h1C].gen
Pretty Girl Mahjongg (Ch) [h2C].gen
Pro Action Replay 2 V2.1 (Unl) [!].gen
Pro Action Replay (Unl) [!].gen
Rockman X3 (Unl) [b1].gen
Rockman X3 (Unl) [b2].gen
Rockman X3 (Unl) [f1].gen
Rockman X3 (Unl) [!].gen
Romance of the Three Kingdoms Part 5 (Ch).gen
Sangokushi Retsuden (Ch).gen
Sangokushi Retsuden (Ch) [h1C].gen
Sangokushi Retsuden (Ch) [h2C].gen
Sega Subor System Cartridge (Unl).gen
Smart Mouse (Unl) [h1C].gen - this is a header hack so still needs the copy protection; IDK if I should throw it in...
Sonic Jam 6 (Unl) [f1].gen
Sonic Jam 6 (Unl) [f1][o1].gen
Sonic Jam 6 (Unl) [f2].gen
Sonic Jam 6 (Unl) [!].gen
Sonic Jam 6 (Unl) [p1][!].gen
Soul Blade (Unl) [!].gen
Spiritual Warfare (Unl) [!].gen
Spiritual Warfare (Unl) [h1C].gen
Spiritual Warfare (Unl) [h2C].gen
Super Chinese Tycoon (Unl) [f1].gen
Super Donkey Kong 99 (Unl) [f1].gen
Super Donkey Kong 99 (Unl) [!].gen
Super Donkey Kong 99 (Unl) [h1C].gen
Super King Kong 99 (Unl) [!].gen
Super Mario 2 1998 (Unl) [f1].gen
Super Mario 2 1998 (Unl) [!].gen
Super Mario 2 1998 (Unl) [o1][f1].gen
Super Mario 2 1998 (Unl) [o1].gen
Super Mario Bros. (Unl) [f1].gen
Super Mario Bros. (Unl) [!].gen
Super Mario World (Unl) [f1].gen
Super Mario World (Unl) [!].gen
Super Mario World (Unl) [p1][!].gen
Taiwan Tycoon (Unl) [b1].gen
Taiwan Tycoon (Unl).gen
Tekken 3 Special (Unl).gen
Tiger Hunter Hero Novel (Ch).gen
Top Fighter 2000 MK VIII (Unl) [f1].gen
Top Fighter 2000 MK VIII (Unl) [!].gen
Top Shooter (Unl).gen
TotoTek Multi-Game Menu V1.00 (Unl).gen
Unknown Chinese Game 1 (Ch).gen - Feng Shen Ying Jie Chuan; not sure if different
Unknown Chinese Game 2 (Ch).gen - Shui Hu Zhuan; not sure if different
Virtua Fighter 2 vs Tekken 2 (Unl) [b1].gen
Virtua Fighter 2 vs Tekken 2 (Unl) [b2].gen
Virtua Fighter 2 vs Tekken 2 (Unl).gen
Virtua Fighter 2 vs Tekken 2 (Unl) [h1C].gen
World Pro Baseball 94 (Unl).gen
Yang Warrior Family, The (Ch).gen


16 Zhang Ma Jiang (China) (Unl).md
Action 52 (USA) (Alt) (Unl).md
Action 52 (USA) (Unl).md
Adventurous Boy - Mao Xian Xiao Zi (China) (Unl).md
Aq Renkan Awa (China) (Unl).md
Barver Battle Saga - Tai Kong Zhan Shi (China) (Unl).md
Bible Adventures (USA) (Unl).md
Chao Ji Da Fu Weng (China) (Unl).md
Dial Q o Mawase! (Japan) (Unl).md
Divine Sealing (Japan) (Unl).md
Exodus - Journey to the Promised Land (USA) (Unl).md
Feng Kuang Tao Hua Yuan (China) (Unl).md
Feng Shen Ying Jie Chuan (China) (Unl).md
Hei Tao 2 - Super Big 2 (China) (Unl).md
Hua Mu Lan - Mulan (China) (Unl).md
Jiu Ji Ma Jiang II - Ye Yan Bian (China) (Unl).md
Joshua & The Battle of Jericho (USA) (Unl).md
Long (China) (Unl).md
Ma Jiang Qing Ren - Ji Ma Jiang Zhi (China) (Unl).md
Ma Qiao E Mo Ta - Devilish Mahjong Tower (China) (Unl).md
Meng Huan Shui Guo Pan - 777 Casino (China) (Unl).md
San Guo Zhi V (China) (Unl).md
Shi Jie Zhi Bang Zheng Ba Zhan - World Pro Baseball 94 (China) (Unl).md
Shui Hu - Feng Yun Zhuan (China) (Unl).md
Shui Hu Zhuan (China) (Unl).md
Spiritual Warfare (USA) (Unl).md
Squirrel King (China) (Unl).md
Taiwan Daheng (China) (Unl).md
Tun Shi Tian Di III (China) (Simple Chinese) (Unl).md
Tun Shi Tian Di III (China) (Unl).md
Wu Kong Wai Zhuan (China) (Unl).md
Xiao Monv - Magic Girl (China) (Unl).md
Yang Jia Jiang - Yang Warrior Family (China) (Unl).md
Zhuo Gui Da Shi - Ghost Hunter (China) (Unl).md

Games With Constant-Value Hardware Registers

TODO many, many, many more
TODO perhaps this section should be changed to include the phrase "MD Compatible" (with quotes) as Creaton Softech's Ma Jiang Qing Ren: Ji Ma Jiang Zhi, though it uses a similar method, has different registers

A large number of unlicensed games merely read various constant byte values stored at specific addresses in the $400000 region as copy protection.

Game sha1sum $400000 $400002 $400004 $400006 On Failure
16 Zhang Ma Jiang 7857c797245b52641a3d1d4512089bccb0ed5359 $AA (word read; $400003 ignored) $F0 (word read; $400007 ignored)
  • $400002: check at $18EA causes a game over at the end of the round
  • $400006: check at $15D4 skips code after putting a tile, affects CPU player?
Elf Wor 5fc4591fbb1acc64e184466c7b6287c7f64e0b7a $55 $F $C9 $18
Huan Le Tao Qi Shu: Smart Mouse df7a2527875317406b466175f0614d343dd32117 $55 $F $AA $F0 The game will fade to black and freeze several seconds into gameplay. Check is at ROM $8BC.
Hei Tao 2: Super Big 2 e1e4c439c5c22fa5cfcecaab421c55bf1746b5de $55 Read by Z80, written to 68k RAM after winning the 8th match Z80 will try to overwrite RAM when winning the 8th (last?) match, crashing the game.
Meng Huan Shui Guo Pan: 777 Casino df20a28d03a2cd481af134ef7602062636c3cc79 $55 or $63 Read by Z80, but appear to be unused on either side (TODO) Z80 will try to overwrite RAM when playing the town theme the 3rd time, which will cause breakage and make the player unable to move.
Mighty Morphin' Power Rangers: The Fighting Edition 25d2d6a5ab20e16b8b42b67e5fb338421b64b29b $55 $F $C9 (TODO will $AA work too?) $18
Super Bubble Bobble MD 03f40c14624f1522d6e3105997d14e8eaba12257 $55 $F It will play a high-pitched beeping sound and refuse to go past the beginning of the title screen. This check is at ROM $123E4.
Thunderbolt II 3dca68795b6c9a16cafa5e71218d5ce83aa465fc $55 $F0
  • Fail with $400000: It tries to show credits screen instead of playing title music. (Graphics are broken due to the title screen animation continuing to run.)
  • Fail with $400006: Player dies on the second hit and goes game over.
  • Due to the game copying the values to RAM and checking them later, these PAR codes can defeat the copy protection: FF0082:5500, FF007E:F000
  • related ROM locations are: $0003D6, $000B5E, $000468, $007114
Ya Se Chuan Shuo
  • "Imperial Dynasty" version: presently undumped
  • "The Legend of Arthur" version: 8fe0806427e123717ba20478ab1410c25fa942e6
$63 $98 $C9 $18 Major sound failure; some unknown 68000-side effects too

Additional Game Specifics

Elf Wor

The game checksums the two that do the copy protection check and will refuse to boot if the checksums do not match:

ROM:000003EC                 lea     ($5166).l,a0    ; what this routine does is presently unknown (TODO)
ROM:000003F2                 move.w  #$2FF,d7
ROM:000003F6                 move.w  #0,d0
ROM:000003FA
ROM:000003FA loc_3FA:                                ; CODE XREF: ROM:000003FC�j
ROM:000003FA                 add.b   (a0)+,d0
ROM:000003FC                 dbf     d7,loc_3FA
ROM:00000400                 cmpi.b  #$5E,d0
ROM:00000404                 beq.w   loc_40E         ; next check
ROM:00000408                 jmp     (loc_300).l     ; back to entry point == no boot
ROM:0000040E ; ---------------------------------------------------------------------------
ROM:0000040E
ROM:0000040E loc_40E:                                ; CODE XREF: ROM:00000404�j
ROM:0000040E                 lea     ($1AAE).l,a0    ; this is the player event handling routine
ROM:00000414                 move.w  #$1FF,d7
ROM:00000418                 move.w  #0,d0
ROM:0000041C
ROM:0000041C loc_41C:                                ; CODE XREF: ROM:0000041E�j
ROM:0000041C                 add.b   (a0)+,d0
ROM:0000041E                 dbf     d7,loc_41C
ROM:00000422                 cmpi.b  #$94,d0
ROM:00000426                 beq.w   sub_430         ; boot!
ROM:0000042A                 jmp     (loc_300).l     ; back to entry point == no boot

Mighty Morphin' Power Rangers: The Fighting Edition

As with Elf Wor, there are routines to checksum the routines that do the copy protection:

ROM:000693B6 ; =============== S U B R O U T I N E =======================================
ROM:000693B6
ROM:000693B6
ROM:000693B6 sub_693B6:                              ; CODE XREF: sub_65AA2+3AE�p
ROM:000693B6                 cmpi.w  #$14,($FF064A).l
ROM:000693BE                 bne.w   locret_693EA
ROM:000693C2                 lea     (loc_661DE).l,a3
ROM:000693C8                 clr.l   d0
ROM:000693CA                 moveq   #$1A,d1
ROM:000693CC
ROM:000693CC loc_693CC:                              ; CODE XREF: sub_693B6+18�j
ROM:000693CC                 add.w   (a3)+,d0
ROM:000693CE                 dbf     d1,loc_693CC
ROM:000693D2                 cmpi.w  #$46D2,d0
ROM:000693D6                 beq.w   locret_693EA
ROM:000693DA                 move.w  #$EEEF,($FF020A).l ; on failure, this happens; not sure what the effect is
ROM:000693E2                 move.w  #$EEEF,($FF040A).l
ROM:000693EA
ROM:000693EA locret_693EA:                           ; CODE XREF: sub_693B6+8�j
ROM:000693EA                                         ; sub_693B6+20�j
ROM:000693EA                 rts
ROM:000693EA ; End of function sub_693B6
ROM:000693EA
ROM:000693EA ; ---------------------------------------------------------------------------

Furthermore, at $65DD4, some code is copied to ROM space to (presumably) cause the game to reboot. This is designed to thwart copiers who run games off RAM mapped where the ROM would be.

(TODO cleanup this part) According to Eke, author of Genesis Plus GX:

00065D3A:070A ; fixes internal checksum so it matches original value 

TODO find out where this other internal checksum is checked

Super Bubble Bobble MD

The game also stores stuff in the $200000-$3FFFFF range and reads stuff back from it; exactly what this should be is unknown (TODO).

Games That Use Mirrored Memory For Copy Protection

TODO not as many: Tiny Toon Adventures 3, Barver Battle Saga, Shui Hu Zhuan, Feng Shen Ying Jie Chuan, and Squirrel King are the only five I know of so far

Some games store memory instead of constant values at the $400000 area, writing byte values to one address and expecting to read them back from a different address. While each game uses different pairs of addresses (some even switching between pairs), all of them will still work if the expected value is read back from all addresses, which would be the safest option for emulator authors.

Additional Game Specifics

Games With Rockman X3-style ROM Banking

TODO this one will hurt

Games With Super Donkey Kong 99-style ROM Banking

TODO so will this

All Realtec Games

TODO: wikify this

Affected ROMs:

All Realtec games use a custom mapper format documented by TascoDLX.

Tiny Toon Adventures 3

Affected ROMs:

The game writes byte $55 to $400000 (this address is stored in memory by a calculation at $673E and the byte is stored in the function starting at $2C0C) and expects to read that byte back from $400002; otherwise, the game will reset itself (function with this check is at $2C26).

The game also appears to write to the upper 64KB of ROM (from $F0000 on), but doesn't appear to actually use that area (TODO).

Xin Qi Gai Wang Zi

Affected ROMs:

  • Xin Qi Gai Wang Zi: presently undumped
  • Dumps of pirate versions: 75f8003a6388814c1880347882b244549da62158, 4a7494d8601149f43ba7e3595a0b2340cde2e9ba

The game is 4MB storing SRAM above the $400000 mark. (TODO get specifics)