Konami ROM protection

08-09-2003, 15:38

I try to write a ROM->BIN convertor with compression (so, you'll be able to load a 32K ROM as single BIN file), and accountered a number of problems.

1) First of all, seems that ROMs use CALL 0024 to switch memory, and I have to patch this call with NOPs so it will not change the correct memory configuration with the wrong one.

That's what WYZ told me , but I am not sure. On his MSX he has 32K of RAM in one slot and 32K of RAM in another, so according to him this will help to run on such strange memory layouts.

2) A number of Konami ROMs have protection - they try to modify the code in memory. For original ROM it does nothing, but when the game runs in RAM, the code breaks itself, which can result in various things - game doesn't start or shows title page and stops, etc.

Here are the examples of such a protection -
King's Valley:

403E 21 E4 40 ld hl,40E4
4041 3A 4C 40 ld a,(404C)
4044 77 ld (hl),a
4045 23 inc hl
4046 36 C9 ld (hl),C9
4048 C3 E8 45 jp 45E8

409C ED 53 C0 43 ld (43C0),de
40A0 C3 AB 44 jp 44AB



4025 21 E1 C9 ld hl,C9E1
4028 22 95 41 ld (4195),hl
402B C3 F6 4A jp 4AF6

40FB 21 F7 47 ld hl,47F7
40FE CB B6 res 6,(hl)
4100 C3 29 4D jp 4D29

What I want to do is to find some more-or-less universal algorithm for finding this kind of protection. Any information you have about it is appreciated:
1) which games have protection, which not
2) are there non-konami games protected this or another way ?
3) does somebody have the ready patches or offsets info about protected games ?
In fact, there are not too much of them and I can identify and patch every ROM.
4) Robsy's WAVeR can run protected games. What exactly you do, Robsy ?

Thank you in advance to everybody who can help.

08-09-2003, 15:46

Most of the roms that were spread before the goodmsx redumping project started were already cracked. Maybe you can still find them somewhere :/
At least for Knightmare I know it's protected, no idea about others...

08-09-2003, 15:55

Maybe you can still find them somewhere
Of course, I can find, and compare the cracked version with the original.
That's what I did for King's Valley and Twinbee.
Imagine the amount of work to make it for all games... That's why I need help.

At least, I want to know how much of them are protected.
If we talk about 20-30 games only, I can do the research and publish the results.

28-09-2003, 19:08

A generic patcher is impossible. Every game has his own protection type, but is not so difficult to find it with a good debugger , disassambling or hexediting

ex: knightmare

I founded 3 tries to protect the game: 4025,4052 (the same type) and 40CB searching for (21 XX 4X or 22 XX 4X) overwrite protection.