ShuriZma
/
flycast
mirror of https://github.com/flyinghead/flycast.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
flycast/core/hw/naomi/awcartridge.cpp

451 lines
14 KiB
C++
Raw Blame History

/*
* awcartridge.cpp
*
* Created on: Nov 5, 2018
* Author: flyinghead
* Plagiarized from mame (mame/src/mame/machine/awboard.cpp)
* // license:BSD-3-Clause
* // copyright-holders:Olivier Galibert,Andreas Naive
*
*/
/*
Atomiswave ROM board specs from Cah4e3 @ http://cah4e3.wordpress.com/2009/07/26/some-atomiswave-info/
AW_EPR_OFFSETL Register addres: 0x5f7000
+-------------------------------------------------------------------------------+
| bit15-0 |
+-------------------------------------------------------------------------------+
| EPR data offset low word |
+-------------------------------------------------------------------------------+
AW_EPR_OFFSETH Register addres: 0x5f7004
+-------------------------------------------------------------------------------+
| bit15-0 |
+-------------------------------------------------------------------------------+
| EPR data offset hi word |
+-------------------------------------------------------------------------------+
Both low and high words of 32-bit offset from start of EPR-ROM area. Used for
reading header and program code data, cannot be used for reading MPR-ROMs data.
During program code DMA transfer Romeo MCU perform data checksuming (decrypted data, in 8bit units),
result must match some CPLD / encryption key-specific value, otherwise MPR-ROM access
described below will not work correctly.
Game header (first 256 bytes of ROM) is not checksum protected.
AW_MPR_RECORD_INDEX Register addres: 0x5f700c
+-------------------------------------------------------------------------------+
| bit15-0 |
+-------------------------------------------------------------------------------+
| File system record index |
+-------------------------------------------------------------------------------+
This register contains index of MPR-ROM file system record (64-bytes in size) to
read throught DMA. Internal DMA offset register is assigned as AW_MPR_RECORD_INDEX<<6
from start of MPR-ROM area. Size of DMA transaction not limited, it is possible
to read any number of records or just part of it.
AW_MPR_FIRST_FILE_INDEX Register addres: 0x5f7010
+-------------------------------------------------------------------------------+
| bit15-0 |
+-------------------------------------------------------------------------------+
| First file record index |
+-------------------------------------------------------------------------------+
This register assign for internal cart circuit index of record in MPR-ROM file
system sub-area that contain information about first file of MPR-ROM files
sub-area. Internal circuit using this record to read absolute first file offset
from start of MPR-ROM area and calculate normal offset for each other file
requested, since MPR-ROM file data sub-area can be assighed only with relative
offsets from start of such sub-area.
AW_MPR_FILE_OFFSETL Register addres: 0x5f7014
+-------------------------------------------------------------------------------+
| bit15-0 |
+-------------------------------------------------------------------------------+
| MPR file offset low word |
+-------------------------------------------------------------------------------+
AW_MPR_FILE_OFFSETH Register addres: 0x5f7018
+-------------------------------------------------------------------------------+
| bit15-0 |
+-------------------------------------------------------------------------------+
| MPR file offset hi word |
+-------------------------------------------------------------------------------+
Both low and high words of 32-bit relative offset from start of MPR-ROM files
sub-area. Used by internal circuit to calculate absolute offset using data
from AW_MPR_FIRST_FILE_INDEX register. Cannot be used for reading EPR-ROM
data nor even MPR-ROM file system sub-area data.
AW_PIO_DATA Register addres: 0x5f7080
+-------------------------------------------------------------------------------+
| bit15-0 |
+-------------------------------------------------------------------------------+
| Read/Write word from/to ROM board address space |
+-------------------------------------------------------------------------------+
Using this register data can be read or written to ROM BD at AW_EPR_OFFSET directly,
decryption is not used, flash ROMs (re)programming via CFI commands possible.
Type 2 ROM BD have MPR_BANK register at AW_EPR_OFFSET 007fffff, which selects
1 of 4 mask ROM banks.
ROM board internal layouts:
Type 1:
00000000 - 00800000 IC18 flash ROM
00800000 - 01000000 IC10 or mirror of above
01000000 - 02000000 IC11 \
..... mask ROMs
07000000 - 08000000 IC17 /
Type 2:
00000000 - 00800000 FMEM1 flash ROM
00800000 - 01000000 mirror of above
01000000 - 01800000 FMEM2 flash ROM
01800000 - 02000000 mirror of above
02000000 - 04000000 MROM1 MROM4 MROM7 MROM10 \
04000000 - 06000000 MROM2 MROM5 MROM8 MROM11 banked mask ROMs
06000000 - 08000000 MROM3 MROM6 MROM9 MROM12 /
Type 3:
00000000 - 01000000 U3 flash ROM
01000000 - 02000000 U1 flash ROM
02000000 - 03000000 U4 flash ROM
03000000 - 04000000 U2 flash ROM
04000000 - 05000000 U15 flash ROM
05000000 - 06000000 U17 flash ROM
06000000 - 07000000 U14 flash ROM
07000000 - 08000000 U16 flash ROM
Development:
00000000 - 00800000 IC12 \
..... flash ROMs
07800000 - 08000000 IC27 /
In short:
EPR-ROM
+--------------+ 0x00000000
| |
| HEADER +- AW_EPR_OFFSET << 1
| |
+--------------+
| |
| CODE +- AW_EPR_OFFSET << 1
| |
| |
+--------------+ 0x007fffff
MPR-ROMS
+--------------+ 0x00000000
| FS_HEADER |
| FS_RECORD[1] +- (AW_MPR_RECORD_INDEX << 6)
| FS_RECORD[2] |
| FS_RECORD[3] +- (AW_MPR_FIRST_FILE_INDEX << 6)
| ... |
| FS_RECORD[N] |
+--------------+- FS_RECORD[AW_MPR_FIRST_FILE_INDEX].FILE_ABS_OFFSET
| FILE_0 |
| FILE_1 +- (AW_MPR_FILE_OFFSET << 1) + FS_RECORD[AW_MPR_FIRST_FILE_INDEX].FILE_ABS_OFFSET
| ... |
| FILE_N |
+--------------+ 0x07ffffff
*/
#include "awcartridge.h"
#include "awave_regs.h"
u32 AWCartridge::ReadMem(u32 address, u32 size) {
verify(size != 1);
switch(address & 255)
{
// case AW_EPR_OFFSETH_addr:
// break;
// case AW_EPR_OFFSETL_addr:
// break;
// case AW_MPR_RECORD_INDEX_addr:
// break;
// case AW_MPR_FIRST_FILE_INDEX_addr:
// break;
// case AW_MPR_FILE_OFFSETH_addr:
// break;
// case AW_MPR_FILE_OFFSETL_addr:
// break;
case AW_PIO_DATA_addr:
{
u32 roffset = epr_offset & 0x3ffffff;
if (roffset >= (mpr_offset / 2))
roffset += mpr_bank * 0x4000000;
u16 retval = (RomSize > (roffset * 2)) ? ((u16 *)RomPtr)[roffset] : 0; // not endian-safe?
DEBUG_LOG(NAOMI, "AWCART ReadMem %08x: %x", address, retval);
return retval;
}
default:
INFO_LOG(NAOMI, "Unhandled awcart read %X, %d", address, size);
return 0xffff;
}
}
void AWCartridge::WriteMem(u32 address, u32 data, u32 size)
{
switch(address & 255)
{
case AW_EPR_OFFSETH_addr:
epr_offset = (epr_offset & 0x0000ffff) | (data << 16);
recalc_dma_offset(EPR);
break;
case AW_EPR_OFFSETL_addr:
epr_offset = (epr_offset & 0xffff0000) | (u16)data;
recalc_dma_offset(EPR);
break;
case AW_MPR_RECORD_INDEX_addr:
mpr_record_index = data;
recalc_dma_offset(MPR_RECORD);
break;
case AW_MPR_FIRST_FILE_INDEX_addr:
mpr_first_file_index = data;
recalc_dma_offset(MPR_FILE);
break;
case AW_MPR_FILE_OFFSETH_addr:
mpr_file_offset = (mpr_file_offset & 0x0000ffff) | (data << 16);
recalc_dma_offset(MPR_FILE);
break;
case AW_MPR_FILE_OFFSETL_addr:
mpr_file_offset = (mpr_file_offset & 0xffff0000) | (u16)data;
recalc_dma_offset(MPR_FILE);
break;
case AW_PIO_DATA_addr:
// write to ROM board address space, including FlashROM programming using CFI (TODO)
DEBUG_LOG(NAOMI, "Write to AW_PIO_DATA: %x", data);
if (epr_offset == 0x7fffff)
mpr_bank = data & 3;
break;
default:
INFO_LOG(NAOMI, "Unhandled awcart write %X: %d sz %d", address, data, size);
break;
}
}
/*
We are using 8 bits keys with the following subfields' structure:
bits 0-3 is an index of 16-bits XOR (only 11 was used in known games)
bits 4-5 is an index to the sboxes table
bits 6-7 is an index to the permutation table
These subfields could be differing from the "real" ones in the following ways:
- Current keys equal to decrypted game code binary 8-bit sum (of each byte's swapped 4-bit nibbles)
- Every one of the index subfields could be suffering an arbitrary bitswap and XOR
- The 16-bits-XOR subfield could suffer an arbitrary XOR which could depend on the 4 index bits (that is: a different XOR per every index combination)
- Of course, the way in which we are mixing 3 subfields in one only key is arbitrary too.
*/
const u8 AWCartridge::permutation_table[4][16] =
{
{14,1,11,15,7,3,8,13,0,4,2,12,6,10,5,9},
{8,10,1,3,7,4,11,2,5,15,6,0,12,13,9,14},
{4,5,9,6,1,13,7,11,10,0,14,12,8,15,2,3},
{12,7,11,2,0,5,15,6,1,8,14,4,9,13,3,10}
};
const AWCartridge::sbox_set AWCartridge::sboxes_table[4] =
{
{
{11,8,6,25,2,7,23,28,5,10,21,20,1,26,17,19,14,27,22,30,15,4,9,24,31,3,16,12,0,18,29,13},
{13,5,9,6,4,2,11,10,12,0,8,1,3,14,15,7},
{1,13,11,3,8,7,9,10,12,15,4,14,0,5,6,2},
{3,0,5,6,2,4,1,7}
},
{
{9,15,28,7,13,24,2,23,21,1,22,16,18,8,17,31,27,6,30,12,4,20,5,19,0,25,3,29,10,14,11,26},
{5,2,13,11,8,6,12,1,4,3,0,10,14,15,7,9},
{11,6,10,0,12,1,8,14,2,9,13,3,7,4,15,5},
{1,5,6,2,4,7,3,0}
},
{
{17,25,29,27,5,11,10,21,2,8,13,0,30,3,14,16,22,1,7,15,31,18,4,20,9,19,26,24,23,28,12,6},
{15,3,2,11,7,14,6,12,1,13,0,8,9,4,10,5},
{6,12,5,7,4,8,2,3,1,14,13,11,9,10,0,15},
{5,1,0,3,4,6,2,7}
},
{
{7,21,9,20,10,28,31,11,16,15,14,30,27,23,5,25,0,22,24,2,6,17,3,18,4,12,13,19,26,1,29,8},
{10,6,5,1,13,0,9,2,15,14,7,11,8,3,12,4},
{8,6,15,13,2,7,1,3,11,0,14,10,4,5,12,9},
{6,5,4,1,0,2,3,7}
}
};
const int AWCartridge::xor_table[16] = // -1 = unknown/unused
{
0x0000, -1, 0x97CF, 0x4BE3, 0x2255, 0x8DD6, -1, 0xC6A2, 0xA1E8, 0xB3BF, 0x3B1A, 0x547A, -1, 0x935F, -1, -1
};
static u16 bitswap16(u16 in, const u8* vec)
{
u16 ret = 0;
for (int i = 0; i<16; i++) {
ret |= ((in >> vec[i])&0x1)<<(15-i);
}
return ret;
}
u16 AWCartridge::decrypt(u16 cipherText, u32 address, const u8 key)
{
u8 b0,b1,b2,b3;
u16 aux;
const u8* pbox = permutation_table[key>>6];
const sbox_set* ss = &sboxes_table[(key>>4)&3];
const u8 text_swap_vec[] = {
pbox[15],pbox[14],pbox[13],pbox[12],pbox[11],pbox[10],pbox[9],pbox[8],
pbox[7],pbox[6],pbox[5],pbox[4],pbox[3],pbox[2],pbox[1],pbox[0] };
aux = bitswap16(cipherText, text_swap_vec);
const u8 addr_swap_vec[] = { 13,5,2, 14,10,9,4, 15,11,6,1, 12,8,7,3,0 };
aux = aux ^ bitswap16((u16)address, addr_swap_vec);
b0 = aux&0x1f;
b1 = (aux>>5)&0xf;
b2 = (aux>>9)&0xf;
b3 = aux>>13;
b0 = ss->S0[b0];
b1 = ss->S1[b1];
b2 = ss->S2[b2];
b3 = ss->S3[b3];
return ((b3<<13)|(b2<<9)|(b1<<5)|b0)^xor_table[key&0xf];
}
void AWCartridge::Init()
{
mpr_offset = decrypt16(0x58/2) | (decrypt16(0x5a/2) << 16);
INFO_LOG(NAOMI, "AWCartridge::SetKey rombd_key %02x mpr_offset %08x", rombd_key, mpr_offset);
device_reset();
}
void AWCartridge::SetKey(u32 key)
{
rombd_key = key;
}
void AWCartridge::device_reset()
{
epr_offset = 0;
mpr_record_index = 0;
mpr_first_file_index = 0;
mpr_file_offset = 0;
mpr_bank = 0;
dma_offset = 0;
dma_limit = 0;
}
void AWCartridge::recalc_dma_offset(int mode)
{
switch(mode) {
case EPR:
dma_offset = epr_offset * 2;
dma_limit = mpr_offset;
break;
case MPR_RECORD:
dma_offset = mpr_offset + mpr_record_index * 0x40;
dma_limit = std::min((u32)0x8000000, RomSize);
break;
case MPR_FILE: {
u32 filedata_offs = (mpr_bank * 0x8000000 + mpr_offset + mpr_first_file_index * 0x40 + 8) / 2;
dma_offset = decrypt16(filedata_offs) | (decrypt16(filedata_offs + 1) << 16);
dma_offset = (mpr_offset + dma_offset + mpr_file_offset * 2) & 0x7ffffff;
dma_limit = std::min((uint32_t)0x8000000, RomSize);
break;
}
}
if (dma_offset >= mpr_offset) {
u32 bank_base = mpr_bank * 0x8000000;
dma_offset += bank_base;
dma_limit = std::min(dma_limit + bank_base, RomSize);
}
}
void *AWCartridge::GetDmaPtr(u32 &size)
{
size = std::min(std::min(size, 32u), dma_limit - dma_offset);
u32 offset = dma_offset / 2;
for (u32 i = 0; i < size / 2; i++)
decrypted_buf[i] = decrypt16(offset + i);
// printf("AWCART Decrypted data @ %08x:\n", dma_offset);
// for (int i = 0; i < 16; i++)
// {
// printf("%02x %02x ", decrypted_buf[i] & 0xff, decrypted_buf[i] >> 8);
// if ((i + 1) % 8 == 0)
// printf("\n");
// }
return decrypted_buf;
}
void AWCartridge::AdvancePtr(u32 size)
{
dma_offset += size;
}
std::string AWCartridge::GetGameId()
{
if (RomSize < 0x30 + 0x20)
return "(ROM too small)";
dma_offset = 0x30;
u32 limit = 0x20;
char *name = (char *)GetDmaPtr(limit);
std::string game_id(name, limit);
while (!game_id.empty() && game_id.back() == ' ')
game_id.pop_back();
return game_id;
}
void AWCartridge::Serialize(void **data, unsigned int *total_size)
{
REICAST_S(mpr_offset);
REICAST_S(mpr_bank);
REICAST_S(epr_offset);
REICAST_S(mpr_file_offset);
REICAST_S(mpr_record_index);
REICAST_S(mpr_first_file_index);
REICAST_S(dma_offset);
REICAST_S(dma_limit);
Cartridge::Serialize(data, total_size);
}
void AWCartridge::Unserialize(void **data, unsigned int *total_size)
{
REICAST_US(mpr_offset);
REICAST_US(mpr_bank);
REICAST_US(epr_offset);
REICAST_US(mpr_file_offset);
REICAST_US(mpr_record_index);
REICAST_US(mpr_first_file_index);
REICAST_US(dma_offset);
REICAST_US(dma_limit);
Cartridge::Unserialize(data, total_size);
}
Reference in New Issue View Git Blame Copy Permalink