Hadou no Hyouteki version differences

Pagina 3/4
1 | 2 | | 4

Van sd_snatcher

Prophet (3092)

afbeelding van sd_snatcher

11-08-2019, 05:01

The Panasonic MSX2+ machines block the reading of external memory mapper I/O ports. This is probably what's causing you headaches with software that do what they shouldn't.

Van Manuel

Ascended (15815)

afbeelding van Manuel

11-08-2019, 11:22

Well, apparently MemMan 2.0 did this wrong and MemMan 2.42 does this right. So, that's not a problem, as 2.42 is the latest version.
As sd_snatcher says, no program really would need to read these mapper I/O ports, so software that doesn't work on that machine with an external mapper is buggy and could be fixed. It's not a flaw of your machine!

Van wyrdwad

Paladin (792)

afbeelding van wyrdwad

13-08-2019, 16:36

OK, so I finally had time to sit down with this again. Tried sticking MemMan 2.42 onto the disk with FastCopy 3.0, and MemMan does seem to load OK... but after that, I have NO IDEA what to do. I'm just left with an MSX-BASIC "Ok" prompt, and when I LIST, there's no program in memory. And the documentation for MemMan 2.42 seems to be in Dutch, so... yeah... I'm kind of at a loss on how to proceed! Wink

In the meantime, though, I scanned and uploaded the box art in 400dpi, as well as DSK rips of the no-kanji-rom version of the game. You can download all of this here:

https://www.sendspace.com/filegroup/QtJwNUncBmhrP%2FX5wIlTgw

The DSK rips of graphic disks 1, 2, and 3 should be perfect as-is, since those disks contain no copy protection and I had no trouble ripping them. The main disk, however, DOES have copy protection, as previously noted, so the version in this zip has been cracked by Max Iwamoto, with both the cracked DSK and the IPS patch for cracking my Disk Manager rip included.

This crack is flawed, however, as previously noted in this topic: the intro loops, and the Studio WING logo at the beginning is partially cut off. But it's a good proof-of-concept, and a good start for getting this game ripped and preserved!

Hope it's OK to post this here.

-Tom

Van Manuel

Ascended (15815)

afbeelding van Manuel

13-08-2019, 21:39

Tom, I got the same issue and worked around it by loading MemMan from MSX-DOS. Works all fine, but then FastCopy says it doesn't support the disk drive BIOS of that machine... if you want I can send you the disk image.

I hope you and Max can get a DMK image with copy protection included, without the graphics corruption. For preservation purposes.

Van max_iwamoto

Champion (468)

afbeelding van max_iwamoto

13-08-2019, 22:03

Manuel wrote:

Tom, I got the same issue and worked around it by loading MemMan from MSX-DOS. Works all fine, but then FastCopy says it doesn't support the disk drive BIOS of that machine... if you want I can send you the disk image.

I hope you and Max can get a DMK image with copy protection included, without the graphics corruption. For preservation purposes.

We are working on it...

Van Manuel

Ascended (15815)

afbeelding van Manuel

13-08-2019, 22:23

You guys are awesome.

Van Grauw

Ascended (8508)

afbeelding van Grauw

14-08-2019, 00:23

I think you guys are awesome too!

Van gdx

Prophet (3084)

afbeelding van gdx

14-08-2019, 00:34

Thank you!

Van max_iwamoto

Champion (468)

afbeelding van max_iwamoto

02-09-2019, 23:09

Hello, everybody.

It took some time but I received disks from Tom from Japan. And I started the process of dumping them and researching. It took me a few days but now we have a good dump. Unfortunately DMK cannot clone protection properly. During this process I learned many things about DMK, PDI, PDT programs and I think I will create a special post for all my findings. For example I found more games that cannot be cloned with DMK. Maybe it is possible by using different config or different setting, I am not sure and hope some people can help me with that. One of those games is a disk version of CRIMSON and after dumping it, I realized it's quite different from ROM version but on generation-msx they listed like they are the same. Not only disk version has FM music, it also have different graphics and start completely different (but again, we will talk about it in a separate topic). Also I learned with Tom's help how to remove mold from disks and make them readable again (that was the case for CRIMSON and CRIMSON III, BTW, CRIMSON III also not clone-able with DMK).

So, here is the story about the dump of different version of LEGEND OF MELVEL:

0. Here is my set-up:

Yamaha MSX2 YIS503III + MegaFlashROM SCC+2xSD+512KB MAPPER + Yamaha FD-051 FDD interface with FD-5U & FD-05C FLOPPY DISK DRIVES. FLOPPY DISK were drive "C:" & "D:". I ran DMK & DSKPRO tools from drive "C:" and read drive "D:" to a file located on SD Card in drive "B:". FD-051 FDD interface uses WESTERN DIGITAL CONTROLLER.

1. I dumped DMK file and tried it on openMSX. The good news, I was able to read it without errors, so the main logo is not damaged anymore. But after running on openMSX I learned that game do know its not an original copy. And, again, when I changed the code inside RAM, game just booted without any issues. This was the second time I was able to start the game and not leave it looping in the intro.

2. I dumped main disk using PDI and then converted to DMK. I learned 2 things: a) that DMK size is shorter compare to the size when dump as DMK b) you cannot use undmk program to DMK file created from PDI. It will ran but not create DSK file...

3. I converted DSK from original DMK and noticed that it has 2 more sectors in it...

4. I started researching and found out the following (the tracks were dumped by PDT tool):

DMK file analyzer:


Disk Format F9 (80 tracks, Dual sided)

Physical Track 0, Head 0,  Flag=0,  Gaps: 0x00,59x27,22x4E,13x09,333xF7 Tracksize = 6278
T:0 H:0 S:1 Size:512 CRChi:CA6F CRChc:CA6F E:0 CRCdi:8895 CRCdc:8895
T:0 H:0 S:2 Size:512 CRChi:9F3C CRChc:9F3C E:0 CRCdi:6353 CRCdc:6353
T:0 H:0 S:3 Size:512 CRChi:AC0D CRChc:AC0D E:0 CRCdi:C8B4 CRCdc:C8B4
T:0 H:0 S:4 Size:512 CRChi:359A CRChc:359A E:0 CRCdi:85D6 CRCdc:85D6
T:0 H:0 S:5 Size:512 CRChi:06AB CRChc:06AB E:0 CRCdi:E7F1 CRCdc:E7F1
T:0 H:0 S:6 Size:512 CRChi:53F8 CRChc:53F8 E:0 CRCdi:3C4E CRCdc:3C4E
T:0 H:0 S:7 Size:512 CRChi:60C9 CRChc:60C9 E:0 CRCdi:95F9 CRCdc:95F9
T:0 H:0 S:8 Size:512 CRChi:70F7 CRChc:70F7 E:0 CRCdi:B6B8 CRCdc:B6B8
T:0 H:0 S:9 Size:512 CRChi:43C6 CRChc:43C6 E:0 CRCdi:05AC CRCdc:05AC

T:0 H:0 S:246 Size:512 CRChi:4039 CRChc:4039 E:8 CRCdi:A06C CRCdc:7759 CRCM: h-

Physical Track 0, Head 1,  Flag=0,  Gaps: 0x00,54x90,22x4E,13x90,346xF7 Tracksize = 6286
T:0 H:1 S:1 Size:512 CRChi:FD5F CRChc:FD5F E:0 CRCdi:D1EB CRCdc:D1EB
T:0 H:1 S:2 Size:512 CRChi:A80C CRChc:A80C E:0 CRCdi:9146 CRCdc:9146
T:0 H:1 S:3 Size:512 CRChi:9B3D CRChc:9B3D E:0 CRCdi:A63F CRCdc:A63F
T:0 H:1 S:4 Size:512 CRChi:02AA CRChc:02AA E:0 CRCdi:BAEB CRCdc:BAEB
T:0 H:1 S:5 Size:512 CRChi:319B CRChc:319B E:0 CRCdi:878C CRCdc:878C
T:0 H:1 S:6 Size:512 CRChi:64C8 CRChc:64C8 E:0 CRCdi:E269 CRCdc:E269
T:0 H:1 S:7 Size:512 CRChi:57F9 CRChc:57F9 E:0 CRCdi:6C81 CRCdc:6C81
T:0 H:1 S:8 Size:512 CRChi:47C7 CRChc:47C7 E:0 CRCdi:EE5F CRCdc:EE5F
T:0 H:1 S:9 Size:512 CRChi:74F6 CRChc:74F6 E:0 CRCdi:E0C0 CRCdc:E0C0

T:0 H:1 S:246 Size:512 CRChi:7709 CRChc:7709 E:8 CRCdi:6533 CRCdc:99DB CRCM: h-

PDI file analyzer:


Disk Format F9 (80 tracks, Dual sided)

Physical Track 0, Head 0,  Flag=1,  Gaps: 80x42,50x4E,22x4E,54x4E,598x4E Tracksize = 7024
T:0 H:0 S:1 Size:512 CRChi:CA6F CRChc:CA6F E:0 CRCdi:0064 CRCdc:8895 CRCM: h-
T:0 H:0 S:2 Size:512 CRChi:0419 CRChc:9F3C E:0 CRCdi:5363 CRCdc:6353 CRCM: --
T:0 H:0 S:3 Size:512 CRChi:AC0D CRChc:AC0D E:0 CRCdi:0113 CRCdc:C8B4 CRCM: h-
T:0 H:0 S:4 Size:512 CRChi:359A CRChc:359A E:0 CRCdi:D685 CRCdc:85D6 CRCM: h-
T:0 H:0 S:5 Size:512 CRChi:06AB CRChc:06AB E:0 CRCdi:1820 CRCdc:E7F1 CRCM: h-
T:0 H:0 S:6 Size:512 CRChi:53F8 CRChc:53F8 E:0 CRCdi:4E3C CRCdc:3C4E CRCM: h-
T:0 H:0 S:7 Size:512 CRChi:60C9 CRChc:60C9 E:0 CRCdi:0880 CRCdc:95F9 CRCM: h-
T:0 H:0 S:8 Size:512 CRChi:70F7 CRChc:70F7 E:0 CRCdi:B8B6 CRCdc:B6B8 CRCM: h-
T:0 H:0 S:9 Size:512 CRChi:43C6 CRChc:43C6 E:0 CRCdi:AC05 CRCdc:05AC CRCM: h-

T:0 H:0 S:246 Size:512 CRChi:4039 CRChc:4039 E:8 CRCdi:120A CRCdc:A4FF CRCM: h-

Physical Track 0, Head 1,  Flag=1,  Gaps: 80x27,50x4E,22x4E,54x4E,598x4E Tracksize = 7024
T:0 H:1 S:1 Size:512 CRChi:FD5F CRChc:FD5F E:0 CRCdi:EBD1 CRCdc:D1EB CRCM: h-
T:0 H:1 S:2 Size:512 CRChi:A80C CRChc:A80C E:0 CRCdi:6098 CRCdc:9146 CRCM: h-
T:0 H:1 S:3 Size:512 CRChi:0401 CRChc:9B3D E:0 CRCdi:0030 CRCdc:A63F CRCM: --
T:0 H:1 S:4 Size:512 CRChi:02AA CRChc:02AA E:0 CRCdi:0000 CRCdc:BAEB CRCM: h-
T:0 H:1 S:5 Size:512 CRChi:319B CRChc:319B E:0 CRCdi:88C1 CRCdc:878C CRCM: h-
T:0 H:1 S:6 Size:512 CRChi:64C8 CRChc:64C8 E:0 CRCdi:0832 CRCdc:E269 CRCM: h-
T:0 H:1 S:7 Size:512 CRChi:57F9 CRChc:57F9 E:0 CRCdi:4FE0 CRCdc:6C81 CRCM: h-
T:0 H:1 S:8 Size:512 CRChi:47C7 CRChc:47C7 E:0 CRCdi:0020 CRCdc:EE5F CRCM: h-
T:0 H:1 S:9 Size:512 CRChi:74F6 CRChc:74F6 E:0 CRCdi:C0C7 CRCdc:E0C0 CRCM: h-

T:0 H:1 S:246 Size:512 CRChi:7709 CRChc:7709 E:8 CRCdi:659A CRCdc:25CB CRCM: h-

As you can see, PDI dump is more accurate...

So, the main news here, we have on track 0 head 0 and track 0 head 1 two more sectors with number 246...

And they do contain the data. So, this is why when we converted DMK to DSK we had 2 more sectors. Now, the question if this data used by the game? I was not able to find any evidence of it so far... And this is not what protection checks...

Here is the sector that protection reads twice and compare to decide if game has been copied:

Again, versions of DMK and PDI included...


T:78 H:1 S:9 Size:512 CRChi:B830 CRChc:B830 E:8 CRCdi:0833 CRCdc:45C1 CRCM: h-

T:78 H:1 S:9 Size:512 CRChi:B830 CRChc:B830 E:8 CRCdi:0909 CRCdc:469D CRCM: h-

5. So, that was a good progress... Let's talk a bit about protection. The game starts as usual by loading the boot sector and right at C01Fh goes to C080h to check protection. It read sectore 58Dh 2 times, and if content is the same (if sector's CRC bad, it should be different) it will loop indefinitely...

I tried multiple ways to change protection checking and every time when I start disk with removed protection intro would loop.

The interesting thing about this game that it uses assembly code and basic code. It loads basic code from assembly and executes it and then goes back to assembly.
I found interesting way to stop basic program from running. I was changing data around 8000h address to "00" and game exited to basic with error code. After I was returning proper code in debugger and re-executing it. I found where it was printing "1" & "2" options and it also was checking variable around "E0XXh" and would loop.

I changed code and was very happy about it. But to my surprise intro was still looping. And the variable was located in the graphics part of the game...

It was driving me crazy. I started to think that game is checking if content of boot sector has been changed. But when I search for possible reads of boot sector, found nothing... Then I decided to put a break point on F37Dh to see if game will read boot sector. And to my surprise it did some time after starting the intro. But the code was encrypted with XOR FFh. So the check starts at address CF72h, then CALL CFBDh (un-encrypt checking code), load boot sector to E000h, then load encrypted copy of boot sector from sector 04B6h to E200h. And after that it was un-encrypting it and checking content. If it doesn't match, it will write "2" to (CFFFh) and if they do match, it will leave (CFFFh) as "0". So I put RET where it was changing value of (CFFFh) and this solved the issue with intro looping.

6. So, now we have a good dump and it works. The only question is: if code from 2 extra sectors used somewhere in the game and can affect gameplay. Somebody needs to play it to see if it relevant. Or we can have another solution. We can partially crack DMK file where it reads the 058Dh sector and remove boot sector check, but DMK file WILL inlude 2 extra sectors, and if game loads them, it will work fine. The only issue, if I change code inside of DMK file, it stops booting at all and goes straight to BASIC. I need to find a way to edit DMK file and write it back with CRC intact (I may try to use the program Manuel suggested in other tread where we were talking about protection removal).

7. So, here is the link to archive containing two versions of the game. I called mine 1.0 and Tom's 0.0... The 0.0 should work without Kanji ROM, but somehow my version also works without it... I also include DMK and PDI dumps of the main disk and some other stuff. For now I suggest to use DSK files with cracked main disk (and not DSK created from DMK as it wouldn't work because of the 2 extra sectors). Looks like version 1.0 doesn't have any protection but I will need to double check for secret sectors as we learned about them from Tom's version.

Here is the link to the archive:

https://drive.google.com/file/d/1NtZg7x4xqSMvgE6Oeo7-ySqEcsg...

Enjoy!

Van Grauw

Ascended (8508)

afbeelding van Grauw

02-09-2019, 23:29

Super interesting!

Pagina 3/4
1 | 2 | | 4