Slashdot Mirror


CPS-2 Encryption Scheme Broken

Acheon writes: "The CPS-2 arcade board from Capcom uses some hard encryption scheme that has been a very hot issue in emulation for years. Yet finally the code was broken. Final Burn, a quite recent arcade emulator, showed concrete results by running previously unsupported games such as Street Fighter Zero using decrypted ROM images. The CPS-2 Shock Team, who managed to reverse engineer the process from scratch, really outdid themselves, and it is a very uncommon achievement." Thanks to Jamie for also pointing out more info.

6 of 45 comments

  1. hacking arcade games by Anonymous Coward · · Score: 3

    check out Wiretap for a boat load of arcade game hacking resources.

  2. Re:oh PLEASE! by johnathan · · Score: 3
    It's just as illegal to distribute an old rom that you don't own as it is for a new one. Did someone at Capcom call up the cps2shock guys and say "Hey listen, we are having a hard time deciding which of our older CPS2 titles should be released to the public for free, can you make the decision for us?" Yeah I thought not.

    It's not that I have a problem with arcade emu because I don't. But I also don't lie to myself when I download a ROM I don't own by saying "Oh it's ok, this is an older game."

    Sure, it is still illegal to distribute an older ROM. But this is entirely a different question than whether it is moral to do so. If I download a ROM for which the copyright owner has no further marketing plans, I don't think I'm lying to myself if I say that it's OK. It may be illegal, but the copyright holder is not injured in any way. In fact, the copyright holder is probably better off for having their game remain in the public consciousness, since it will create new fans of the game (in case they do decide later to rerelease it) and of the company. And if it is rereleased, then the moral thing to do would be to buy it or stop using it.

    --
    You don't need a weatherman to know which way the wind blows.
  3. MAME's Status? by IanCarlson · · Score: 4

    Now that encryption has been broken on these Capcom ROMS, will MAME begin to support these games that we've been robbed of stealing for so long?

    [ Ack! Robbed of stealing. Figure that logic out. ]

  4. Responsible Emulation by milkme123 · · Score: 4

    A big thank-you to the cps2shock team for promoting responsible emulation. Capcom has been *extremely* fair with the emulation community (going so far as to distribute legal cps-1 roms with the HotRod joystick), and it would be a shame for their hand to be forced. So emulation nuts will get to play earlier cps-2 titles, and Capcom will still be able to sell machines like Street Fighter Alpha 3.

  5. Not so fast by Big Jason · · Score: 5

    From http://cps2shock.retrogames.com/, in case it gets /.'ed.

    Now that CPS2shock has reached its goal in making it possible to play CPS-2 games in emulators we've taken a few days to think about the future of CPS2shock.

    The Future Intent of CPS2shock

    CPS2shock will no longer release any information that can be used to break CPS-2 encryption until such times as Capcom no longer release new titles on the system.

    CPS2shock will work on dumping older CPS-2 games and releasing them for your enjoyment to play in emulators.
    ____________________________________

    This decision is based on the following:
    CPS-2 games are still in production.
    Emulation is at a point now where it can have a direct influence on future plans of the game manufacturers. Knowing the encryption method COULD kill CPS-2 & any future planned game releases. Need I say more.
    To help stop bootlegging of new CPS-2 releases.
    Due to the fact that CPS-1 and CPS-2 hardware is so similar knowing how the encryption system works would leave new CPS-2 games wide open to bootlegging.
    To control the release of games.
    CPS2shock does not want to see newer games emulated until they are well past their sell by date. CPS2shock will not allow CPS-2 emulation to go down the same road as NeoGeo did if we have anything to do with it.
    ____________________________________

    If you still can't see the logic behind our decision when I make you aware of the following.
    We had the logic, knowledge and intelligence to find a way to allow emulation of CPS-2 games. The same logic, knowledge and intelligence was used to reach this decision.
    If you still don't like it there is nothing stopping you from breaking the encryption yourself, just don't expect us to help you. Instead of bitching about it use that energy to start you on your way.

    If you don't understand what all this means, don't worry; CPS2shock will be dumping more CPS-2 games so you can play them in your favourite emulators.

  6. Encryption has not been broken. by Gridle · · Score: 5

    Sorry to burst your bubble and smash the integrity of this news piece, but the encryption algorithm has not been broken, nor are any of the actual encryption keys known.

    CPS2Shock team however managed to do something that nobody has done before - extract unencrypted data from the board using 68k code on the hardware itself. This will help figuring out the actual algorithm, but as of yet, the encryption has not been broken. The current files are only useful for playing Street Fighter Zero on emulators, and the painful process to extract this unencrypted data will have to be re-done on EVERY game if nobody can reverse-engineer the actual algorithm.

    CPS-2 encryption sounds simple, but it has been used for 8 years now (since 1993 and Super Street Fighter 2, the first CPS-2 system game) and no bootlegs have been made of the games. It doesn't have to mean that it's an overly complicated algorithm, but so far nobody has had any unencrypted data to work against. What makes this scheme devious is that it only encrypts 68k code, not data, so the 0xFFFF and 0x0000 fills don't get encrypted (0xFF and 0x00 fills were crucial in breaking the Kabuki algorithm, used in CPS-1 games' Qsound program roms). Without the unencrypted 68k code, it was impossible to figure out what the encrypted values are related to. It is known that it works on word values (change any bit in the first word and only its encrypted / unencrypted values change, none of the others') and that the address of the value in question is probably used as one of the coefficients in the algorithm.

    The files that CPS2Shock released are XOR tables. When used against the original encrypted program ROM file they will produce a ROM file with unencrypted code, but data intact (since it was never encrypted anyway). Go ahead and see if you can actually break the encryption, it shouldn't be that hard now.

    (Encrypted) CPS2 ROMs, get the encrypted Street Fighter Zero program ROM from here and XOR table from CPS2Shock.
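
An added sketch (not code from the comment above or from CPS2Shock) of why a released XOR table decrypts one ROM without revealing the algorithm: the table is just ciphertext XOR known plaintext, word by word, so it is zero over unencrypted data and useless on another game's code. `toy_encrypt_word`, the key and the sample words are made-up stand-ins, since the comment says the real algorithm is unknown.

```python
# Added illustration. toy_encrypt_word is a made-up stand-in, NOT the CPS-2
# algorithm (the comment above says that algorithm is still unknown).
MASK = 0xFFFF

def toy_encrypt_word(word, addr, key):
    """Hypothetical cipher: one 16-bit word in, one out, mixed with its address."""
    x = (word + key + addr * 0x9E37) & MASK      # address acts as a coefficient
    x = ((x << 5) | (x >> 11)) & MASK            # rotate left by 5
    return x ^ (addr & MASK)

def encrypt_rom(words, code_len, key):
    """Encrypt only the first code_len words (code); data words pass through."""
    return [toy_encrypt_word(w, a, key) if a < code_len else w
            for a, w in enumerate(words)]

def make_xor_table(encrypted, plain):
    """What a released table is: ciphertext XOR known plaintext, word by word."""
    return [e ^ p for e, p in zip(encrypted, plain)]

def apply_xor_table(encrypted, table):
    if len(encrypted) != len(table):
        raise ValueError("table does not match this ROM image")
    return [e ^ t for e, t in zip(encrypted, table)]

def changed_words(words, code_len, key, index, bit):
    """Flip one plaintext bit; return the indexes whose ciphertext changes."""
    before = encrypt_rom(words, code_len, key)
    flipped = list(words)
    flipped[index] ^= 1 << bit
    after = encrypt_rom(flipped, code_len, key)
    return [i for i, (b, a) in enumerate(zip(before, after)) if b != a]

# Constructed sample images: three 68k code words, then unencrypted fill data.
KEY = 0x1234
GAME_A = [0x4E71, 0x4E75, 0x6000, 0xFFFF, 0x0000]
GAME_B = [0x4E75, 0x4E71, 0x6000, 0xFFFF, 0x0000]
CODE_LEN = 3

ENC_A = encrypt_rom(GAME_A, CODE_LEN, KEY)
ENC_B = encrypt_rom(GAME_B, CODE_LEN, KEY)
TABLE_A = make_xor_table(ENC_A, GAME_A)

if __name__ == "__main__":
    print("table A:", [f"{t:04X}" for t in TABLE_A])
    print("A recovered:", apply_xor_table(ENC_A, TABLE_A) == GAME_A)
    print("A's table on B:", apply_xor_table(ENC_B, TABLE_A) == GAME_B)
    print("words changed by one bit flip:", changed_words(GAME_A, CODE_LEN, KEY, 0, 3))
```

Even with the same toy key, game A's table fails on game B because each entry depends on the plaintext word it was derived from, which matches the comment's point that the extraction has to be repeated for every game.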